Windows Analysis Report
fNlxQP0jBz.exe

Overview

General Information

Sample name: fNlxQP0jBz.exe (renamed because original name is a hash value)
Original sample name: 687bbf73e7b900ff5d46c6c2d23c6a40.exe
Analysis ID: 1576055
MD5: 687bbf73e7b900ff5d46c6c2d23c6a40
SHA1: 3525c527942817869fb00ee2a8aa88e78a331f3a
SHA256: 18defb28d0c93edff52a2be5d4317dad26358a689671beda075a36db021f5525
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • fNlxQP0jBz.exe (PID: 5004 cmdline: "C:\Users\user\Desktop\fNlxQP0jBz.exe" MD5: 687BBF73E7B900FF5D46C6C2D23C6A40)
    • taskkill.exe (PID: 4564 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6196 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6300 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7164 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 320 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6524 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6720 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 1532 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7116 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a754aa-3655-4613-bcb0-b77e3b3435f5} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 1541636f110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7524 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3780 -parentBuildID 20230927232528 -prefsHandle 3448 -prefMapHandle 3084 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8366b4e-ce3b-4905-b66e-3975694fae10} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15428c2ed10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8024 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5124 -prefMapHandle 5060 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24de6617-596f-4cb2-aaf6-b661cea48c1c} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15430c97110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found

Source: Process Memory Space: fNlxQP0jBz.exe PID: 5004
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: fNlxQP0jBz.exe, Avira: detected
    Source: fNlxQP0jBz.exe, ReversingLabs: Detection: 34%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
    Source: fNlxQP0jBz.exe, Joe Sandbox ML: detected
    Source: fNlxQP0jBz.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2325866108.00000154262D0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2325866108.00000154262D0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2325761052.0000015432E01000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2325761052.0000015432E01000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_008CC2A2 FindFirstFileExW,0_2_008CC2A2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
    Source: firefox.exe, Memory has grown: Private usage: 1MB later: 208MB
    Source: unknown, Network traffic detected: DNS query count 31
    Source: Joe Sandbox View, IP Address: 34.149.100.209
    Source: Joe Sandbox View, IP Address: 151.101.65.91
    Source: Joe Sandbox View, IP Address: 34.117.188.166
    Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe, Code function: 0_2_0090CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0090CE44
    Source: global traffic, HTTP traffic detected: GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic, HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2297840224.00000154327A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259763602.000001543279E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2316252906.000001542FC6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297115892.00000154286E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2217411779.00000154291E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2309027562.00000154327AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156401730.0000015428049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259763602.00000154327AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2316252906.000001542FC6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2295006638.00000154286EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2219744029.00000154286EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2208437696.0000015430C5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299776588.0000015430C5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216545890.00000154292DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304276643.0000015430C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
    Source: firefox.exe, 0000000E.00000003.2316379915.000001542FC3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2209683958.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271123843.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.2209683958.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271123843.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.2209683958.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271123843.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.2209683958.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271123843.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2231523555.00000154287C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231337077.0000015428743000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2191510535.0000015431AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191510535.0000015431AF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2113103439.0000015426653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111709313.000001542661D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111177969.0000015426400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113839107.000001542668A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112576038.0000015426638000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2156401730.0000015428063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.2321544054.0000015428156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2156401730.00000154280CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2208712524.000001542E6C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306972858.000001542E7A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2306877960.000001542E7B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2208712524.000001542E6C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275051251.0000015427C6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313245836.0000015427C6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2217593688.00000154291C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2192852244.0000015431ABD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
    Source: firefox.exe, 0000000E.00000003.2288304448.00000154289B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2224237203.000001542841B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2153888009.000001542E9A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111177969.0000015426400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321544054.00000154281A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273637605.00000154281A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237097994.000001542E8F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112576038.0000015426638000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2261603191.0000015431CD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
    Source: firefox.exe, 0000000E.00000003.2307921952.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210474381.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A015213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2147344650.0000015427F1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146180040.0000015427F28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2208151277.0000015430CFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000E.00000003.2261603191.0000015431CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.2307921952.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210474381.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A015213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000002.3289875273.000001A0152C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000012.00000002.3289875273.000001A0152C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000012.00000002.3289875273.000001A015230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000012.00000002.3289875273.000001A0152C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000012.00000002.3289875273.000001A0152C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2156781975.0000015427C3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302348776.0000015427C3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289707989.0000015427C3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275051251.0000015427C3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2209189242.000001542E672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262964238.000001542E674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155389179.000001542E674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A015213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2307032257.000001542E787000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000E.00000003.2307921952.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318403859.000001542E0FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300484785.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2210474381.000001542E0E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A0152F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 00000012.00000002.3289875273.000001A0152F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user=
    Source: firefox.exe, 0000000E.00000003.2273637605.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321400361.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311407877.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156262209.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301112155.00000154281ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2206668108.0000015431B78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216545890.0000015429219000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315766862.0000015431B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315997405.0000015430C10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2323439947.00000154273A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2262884838.0000015430C5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274159142.00000154280CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322020808.00000154280D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311556194.00000154280CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301518060.00000154280CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156401730.00000154280CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323439947.00000154273A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2208437696.0000015430C5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299776588.0000015430C5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2208495000.0000015430C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2234412599.00000154293B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2216545890.00000154292B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319789784.00000154292C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000E.00000003.2208495000.0000015430C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2156401730.0000015428063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2286071959.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296227899.000001542E463000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317874775.000001542E464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000E.00000003.2285481891.000001542E6A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155046621.000001542E6A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136429231.000001542E6A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.2279179295.000001542E55F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236286667.000001542E55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000E.00000003.2156401730.0000015428063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
    Source: firefox.exe, 0000000E.00000003.2156781975.0000015427C7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111177969.0000015426400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237097994.000001542E8F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113839107.000001542668A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112576038.0000015426638000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273365879.000001542820D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2282895749.000001542E937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
    Source: firefox.exe, 0000000E.00000003.2282895749.000001542E937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2282895749.000001542E937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.2282895749.000001542E937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2296227899.000001542E4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317874775.000001542E4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263079118.000001542E4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209683958.000001542E4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286071959.000001542E4BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2135395951.000001542E83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2134088626.000001542E552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2113103439.0000015426653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111709313.000001542661D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111177969.0000015426400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113839107.000001542668A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112576038.0000015426638000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2156401730.000001542803D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2261603191.0000015431CD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2273637605.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321400361.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311407877.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2157248693.00000154273BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323012147.00000154273BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314636737.00000154273BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156262209.00000154281ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282895749.000001542E933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2324718303.000001542733C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301112155.00000154281ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: recovery.jsonlz4.tmp.14.dr String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.3289387754.000001A015190000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 0000000E.00000003.2206668108.0000015431BA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3293543803.00000204E0A54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3288387309.00000204E0520000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3288387309.00000204E052A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3286705975.000001B59FB7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3286705975.000001B59FB70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289137247.000001B59FEB4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289387754.000001A015194000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3287693192.000001A014D20000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3287693192.000001A014D2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000010.00000002.3288387309.00000204E052A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd(
    Source: firefox.exe, 0000000C.00000002.2093964373.0000018414D07000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2102718140.000001F17454F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000000E.00000003.2326563239.000001542626A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2326183766.00000154262CF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3293543803.00000204E0A54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3288387309.00000204E0520000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3286705975.000001B59FB70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289137247.000001B59FEB4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289387754.000001A015194000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3287693192.000001A014D20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0090EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0090ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00929576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: fNlxQP0jBz.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001B59FE421F2 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001B59FE493B7 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008FD5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: fNlxQP0jBz.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal80.troj.evad.winEXE@34/36@69/12
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_009037B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F10BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_009051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008FD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0090648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3176:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4324:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: fNlxQP0jBz.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2207437954.0000015430D11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: fNlxQP0jBz.exeReversingLabs: Detection: 34%
    Source: unknownProcess created: C:\Users\user\Desktop\fNlxQP0jBz.exe "C:\Users\user\Desktop\fNlxQP0jBz.exe"
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a754aa-3655-4613-bcb0-b77e3b3435f5} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 1541636f110 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3780 -parentBuildID 20230927232528 -prefsHandle 3448 -prefMapHandle 3084 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8366b4e-ce3b-4905-b66e-3975694fae10} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15428c2ed10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5124 -prefMapHandle 5060 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24de6617-596f-4cb2-aaf6-b661cea48c1c} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15430c97110 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: wsock32.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: winmm.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: mpr.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: wininet.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: wldp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: napinsp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: wshbth.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: winrnr.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSection loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: fNlxQP0jBz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2325866108.00000154262D0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2325866108.00000154262D0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2325761052.0000015432E01000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2327589402.00000154262DA000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2325761052.0000015432E01000.00000004.00000020.00020000.00000000.sdmp
    Source: fNlxQP0jBz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: fNlxQP0jBz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: fNlxQP0jBz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: fNlxQP0jBz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: fNlxQP0jBz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: gmpopenh264.dll.tmp.14.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008B0A76 push ecx; ret 0_2_008B0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_008AF98E
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_00921C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00921C41
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96690
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001B59FE421F2 rdtsc 17_2_000001B59FE421F2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeAPI coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008CC2A2 FindFirstFileExW,0_2_008CC2A2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exeCode function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: firefox.exe, 00000010.00000002.3294451750.00000204E0C00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
    Source: firefox.exe, 00000010.00000002.3294451750.00000204E0C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3288387309.00000204E052A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3286705975.000001B59FB7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3292670141.000001B5A0460000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3287693192.000001A014D2A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289292646.000001A015000000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3293872260.00000204E0B12000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000011.00000002.3292670141.000001B5A0460000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
    Source: firefox.exe, 00000010.00000002.3294451750.00000204E0C00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
    Source: firefox.exe, 00000010.00000002.3294451750.00000204E0C00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
    Source: firefox.exe, 00000010.00000002.3294451750.00000204E0C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3292670141.000001B5A0460000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_000001B59FE421F2 rdtsc 17_2_000001B59FE421F2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0090EAA2 BlockInput,0_2_0090EAA2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008B4CE8 mov eax, dword ptr fs:[00000030h] 0_2_008B4CE8
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B083F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008B09D5 SetUnhandledExceptionFilter,0_2_008B09D5
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008B0C21
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008F1201
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008D2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008D2BA5
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008FB226 SendInput,keybd_event,0_2_008FB226
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_009122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009122DA
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008F1663
    Source: fNlxQP0jBz.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: fNlxQP0jBz.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2202530335.0000015432E01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008B0698 cpuid 0_2_008B0698
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008ED21C GetLocalTime,0_2_008ED21C
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008ED27A GetUserNameW,0_2_008ED27A
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008CB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_008CB952
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: fNlxQP0jBz.exe PID: 5004, type: MEMORYSTR
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_81
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_XP
    Source: fNlxQP0jBz.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_XPe
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_VISTA
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_7
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: fNlxQP0jBz.exe PID: 5004, type: MEMORYSTR
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00911204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00911204
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00911806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00911806

    [Technique matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
    [Behavior graph. ID: 1576055; Sample: fNlxQP0jBz.exe; Start date: 16/12/2024; Architecture: WINDOWS; Score: 80]

    Source | Detection | Scanner | Label | Link
    fNlxQP0jBz.exe | 34% | ReversingLabs | Win32.Trojan.Amadey |
    fNlxQP0jBz.exe | 100% | Avira | TR/ATRAPS.Gen |
    fNlxQP0jBz.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
                                                                                                              high
                                                                                                              https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.2113103439.0000015426653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111709313.000001542661D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2111177969.0000015426400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2112576038.0000015426638000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2113602594.000001542666F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://youtube.com/firefox.exe, 0000000E.00000003.2219162132.0000015428CA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317874775.000001542E464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.2321544054.0000015428156000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.2311556194.00000154280E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322020808.00000154280E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301518060.00000154280E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156401730.00000154280E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273989850.00000154280E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2316252906.000001542FC6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.amazon.com/firefox.exe, 0000000E.00000003.2156401730.0000015428063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2firefox.exe, 0000000E.00000003.2261603191.0000015431C59000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.youtube.com/firefox.exe, 0000000E.00000003.2156401730.0000015428063000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A01520C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2193269242.00000154313C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2306242850.000001542E92F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282895749.000001542E92E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2316252906.000001542FC6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000002.3289875273.000001A0152C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://127.0.0.1:firefox.exe, 0000000E.00000003.2319612721.00000154292DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216545890.00000154292DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2192570882.0000015431ADE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2224237203.000001542841B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bugzilla.mofirefox.exe, 0000000E.00000003.2316379915.000001542FC3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2310552673.0000015429163000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 0000000E.00000003.2208495000.0000015430C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3289799652.00000204E09CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FFE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3293283330.000001A015305000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.2207437954.0000015430D39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2304565960.000001542E944000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3289565862.000001B59FF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3289875273.000001A015213000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000012.00000002.3289387754.000001A015190000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2209683958.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2155445828.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271123843.000001542E4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2136924469.000001542E4DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2324718303.0000015427340000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3289026534.00000204E0650000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3287690679.000001B59FCB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3288719950.000001A014DF0000.00000002.10000000.00040000.00000000.sdmpfalse
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                                                                                                                                                                                                                                                                          34.120.208.123
                                                                                                                                                                                                                                                                          telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576055
Start date and time: 2024-12-16 13:43:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fNlxQP0jBz.exe
renamed because original name is a hash value
Original Sample Name: 687bbf73e7b900ff5d46c6c2d23c6a40.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/36@69/12
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 49
• Number of non-executed functions: 292
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 44.228.225.150, 54.213.181.160, 35.85.93.176, 142.250.181.142, 88.221.134.155, 88.221.134.209, 172.217.17.74, 142.250.181.138, 23.218.208.109, 20.109.210.53, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 1532 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: fNlxQP0jBz.exe
Time | Type | Description
07:44:19 | API Interceptor | 1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      star-mini.c10r.facebook.comLbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      https://afw.soundestlink.com/ce/c/675c127e5a5226f9e7b86686/675c13ae85cd17d1e3e2ab54/675c13c9f9a08fb1fbb3e577?signature=3f4d77f7452e61cf1e0cb9ce4a3540d02af0944caf975b089573a2fc1d891103Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      Herinnering.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      https://fsharetv.co/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      twitter.comLbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166 |
| | 1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exe | Get hash | malicious | Unknown | Browse | 34.117.59.81 |
| | 1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exe | Get hash | malicious | Unknown | Browse | 34.117.59.81 |
| | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 34.117.188.166 |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166 |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166 |
| | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166 |
| | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166 |
| | arm6.elf | Get hash | malicious | Unknown | Browse | 34.117.135.65 |
| | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 34.117.188.166 |
| FASTLYUS | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.129.91 |
| | https://www.sendspace.com/pro/dl/m2hhc1 | Get hash | malicious | Unknown | Browse | 151.101.194.137 |
| | https://protect.checkpoint.com/v2/r02/___https://url1251.popmenu.com/qxdhqnhp?zus=z556.WRHPCjsgt/tA51B6LI9w4BubTYwM5p/-7KrggkVEpmPU5/oVFKKM8Rk6rAnqtQtILc2Q2H_3u9DiXC41Sfynx8MyN*~*gGwOol/aO3BY*~*pgD37kbc4-7KGmCSO4DHGqcB*~*D2S053knP-7G*~*y37ScDgrX/lhFDF7r7h5Gwz-7GtvZLu*~*h33zX5RXwSF0oDJX34CSZAvVXm4AFQJ-7Gq-7KxI/mcm4qvQmbxushMLQI9uHWfHKaPI5mifSCu5iVBRcvqUxu7JB4CzzH*~*tp7hI*~*P2JxcRqKbjQDa1m4EV2vJju-7KXGYhKkA/NMg4b3nlprWADF7NLfLtJTf5xKVlxz1PBE*~*XIwKJANjSZxzJHsTEzwI07xTpBPmh9cjRp3bNxF-8I___.YzJlOm1zbm90aWZ5OmM6bzphNDQ0NjUwYTgwNjk4YzE1YzQzODY0NjgzZWZkNGFjNzo3Ojk1N2U6NjEyMTFiMTNiOTljZDFhYmUzOWRiNzM5NDE0NGE3NDNhMDJkZjlhMmI1NzgzMzhlZTAwMjhmZTBkODVlNWNmZDpoOlQ6VA | Get hash | malicious | Unknown | Browse | 151.101.130.137 |
| | https://www.sendspace.com/pro/dl/m2hhc1 | Get hash | malicious | Unknown | Browse | 151.101.2.137 |
| | http://oszhjzefz.trackbest.click | Get hash | malicious | Unknown | Browse | 151.101.66.137 |
| | https://afw.soundestlink.com/ce/c/675c127e5a5226f9e7b86686/675c13ae85cd17d1e3e2ab54/675c13c9f9a08fb1fbb3e577?signature=3f4d77f7452e61cf1e0cb9ce4a3540d02af0944caf975b089573a2fc1d891103 | Get hash | malicious | Unknown | Browse | 151.101.2.137 |
| | http://898.tv/Lantekqs | Get hash | malicious | Unknown | Browse | 151.101.194.137 |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | |
                                                                                                                                                                                                                                                                                                                                      • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                      P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                      ATGS-MMD-ASUSLbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 32.173.232.211
                                                                                                                                                                                                                                                                                                                                      i486.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 32.166.191.50
                                                                                                                                                                                                                                                                                                                                      sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 51.231.242.135
                                                                                                                                                                                                                                                                                                                                      arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                      • 51.61.215.198
                                                                                                                                                                                                                                                                                                                                      arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.130.193.5
                                                                                                                                                                                                                                                                                                                                      mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 48.88.173.144
                                                                                                                                                                                                                                                                                                                                      ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 48.184.59.188
                                                                                                                                                                                                                                                                                                                                      i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                      • 57.132.226.210
                                                                                                                                                                                                                                                                                                                                      mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                      • 48.202.46.156
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | |
| | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | |
| | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse | |
| | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | |
| | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | |
| | file.exe | Get hash | malicious | Credential Flusher | Browse | |

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.177898961760111
Encrypted: false
SSDEEP: 192:IKMX1BCcbhbVbTbfbRbObtbyEl7ngryJA6wnSrDtTkd/SP:IPScNhnzFSJArhjnSrDhkd/i
MD5: AF0577E6DFF9E1B607784A9D7D561B35
SHA1: 5B499EEBACB0F70CFC53B312D782B8D6CA580FEA
SHA-256: 197F2CC3421FE8853D7D706928AF085F636C60EFA06E04A6F95231879130D288
SHA-512: 404C3ABC2D2303987823EC0DC8D980FDAB47BE198F2705423EE98EBC5FC7FA799CD1BE3385AC7277B756CB3B07ABC2C61A29635C929F96EA933E82CA005DE668
Malicious: false
Preview: {"type":"uninstall","id":"2bf99ef3-f13d-40ee-88b0-168f36d74bed","creationDate":"2024-12-16T14:00:11.455Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 3621
Entropy (8bit): 4.921477062791314
Encrypted: false
SSDEEP: 48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNlV99xeh:8S+OVPUFRbOdwNIOdYpjvY1Q6LID8P
MD5: 295267CECDED1501F997713FF8855A7A
SHA1: AF8EA1FCA2CA151A874BE6B392CE6292E8D3FEF1
SHA-256: 3197A32ACFA8211237153DDDCB164C1A7028C5D8C936AF16DBC04D25B0D028D8
SHA-512: 30E971DEB74F68A4590F5452886BEF7C54ADF0B1769CB2498B21A34F609964D452FE9550C8C8E7E3BCC3D43E6974818217EBE845F5A705E8BAD9E5AE91B2748B
Malicious: false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 26944 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):6071
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.61263436125208
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:72YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlSAJVrfzjZXjkTndS12opTaM:7Tx2x2t0FDJ4NF6ILDfzjtedh6TX
                                                                                                                                                                                                                                                                                                                                                          MD5:FD36D36BC5077FC3D16CD68CC7FFC65A
                                                                                                                                                                                                                                                                                                                                                          SHA1:2111D7339EA8F94FC7F4F8E2964ABDBE6198F90B
                                                                                                                                                                                                                                                                                                                                                          SHA-256:3A65636ABBCBF9BC2447FEA1BCE9BFC0E6DACD10D5721D21D670A537FFF0D545
                                                                                                                                                                                                                                                                                                                                                          SHA-512:074547A0C2D572BA22D27A4EC3A0957C27B72E732D0ED37501C30A9657CAD258584819D3A92215B52638888D9FC0682E871F454B0ECBFC75373CBAE38DA4D656
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.@i....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                                                                                                          MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                                                                                                          SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                                                                                                          SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                          • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          • Filename: mdPov8VTwi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          • Filename: nmy4mJXEaz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          • Filename: 6eftz6UKDm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.07329290564909156
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                          MD5:3D5F671C0F04D12F975C489D5E96536E
                                                                                                                                                                                                                                                                                                                                                          SHA1:EE41D5B1C1E6D09EA7E6ABC668D4421D5A604450
                                                                                                                                                                                                                                                                                                                                                          SHA-256:363F38138E741CDDE906176FA49488B758E29EEE1281C90B7CA2AC6BFCF428F1
                                                                                                                                                                                                                                                                                                                                                          SHA-512:7D39FCB0150F820BBBDB1AA41960FDB39FE2D221E19521F7B18467478C5EAC0A0B47B753A8B087235C3C2D5C408E73609CF58455D9EB6DFCE38D451EFA458F9A
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:GtlstF8iscxcAGpMPlstF8iscxcAGpzlllT89//alEl:GtWt+Wx+pMPWt+Wx+pF89XuM
                                                                                                                                                                                                                                                                                                                                                          MD5:073394D5387BA478176B86DBC666B1DA
                                                                                                                                                                                                                                                                                                                                                          SHA1:9548568F36C24053065E0F430FC7B03EA60CB1AD
                                                                                                                                                                                                                                                                                                                                                          SHA-256:246DD139A0DC759941504EC37C461C1ACCB534BF674BE401D9B73D1CF2C75F53
                                                                                                                                                                                                                                                                                                                                                          SHA-512:CE211F7C076F114EEC782493F7BD84C7A99186E956B9C0A156A863BD3F1394C179323C52EA7956751CD54566AF2E3455C4C7B10A1D51C8A814296CED4A4CA401
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04004211531425465
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Ol1xCDf6q/o3Av5wvP7l8rEXsxdwhml8XW3R2:KXnDl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                          MD5:376D1EC84F7B609F473637D268D0C92B
                                                                                                                                                                                                                                                                                                                                                          SHA1:A97EC22CB3686E04EF9B8844FA8590FC07ED0976
                                                                                                                                                                                                                                                                                                                                                          SHA-256:6881101B4D9C001229A959E7EBA980FA2448DE4D593110740181709DE51EC29A
                                                                                                                                                                                                                                                                                                                                                          SHA-512:7F19A1F3C55BAC4BF70DEB56E603ECECA668C5AE78851EA7CEEA2536F4FF1CF0839CF1538896CC5D2D1DEB569FE1044EC9833A05265A911412783148FB9C19C0
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.478020522470597
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:0hC41UhPEnPOeRnLYbBp6fkJ0aX+G6SEXKonlKN+le5RHWNBw8d9Sl:SDeJJU9f0zHEwC0
                                                                                                                                                                                                                                                                                                                                                          MD5:AB21E1E2C4F2D55696E373CC197D4757
                                                                                                                                                                                                                                                                                                                                                          SHA1:C3830B41C66DBE2038E795EEA4027D85E71E7758
                                                                                                                                                                                                                                                                                                                                                          SHA-256:0F3BC15621EF7294DCB0165398DB5B0EA2A85A2DBDAED323400F66A9C16E506A
                                                                                                                                                                                                                                                                                                                                                          SHA-512:F30240CB64EF856C48E78B1775E5F03431AECA894E19DE5B6BA4864577D6437ADAE30BA405705743F473D1AE67D6F6393B6C90EC354A20D4855B6BDE87CEFF57
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734357581);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734357581);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734357581);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173435
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.478020522470597
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:0hC41UhPEnPOeRnLYbBp6fkJ0aX+G6SEXKonlKN+le5RHWNBw8d9Sl:SDeJJU9f0zHEwC0
                                                                                                                                                                                                                                                                                                                                                          MD5:AB21E1E2C4F2D55696E373CC197D4757
                                                                                                                                                                                                                                                                                                                                                          SHA1:C3830B41C66DBE2038E795EEA4027D85E71E7758
                                                                                                                                                                                                                                                                                                                                                          SHA-256:0F3BC15621EF7294DCB0165398DB5B0EA2A85A2DBDAED323400F66A9C16E506A
                                                                                                                                                                                                                                                                                                                                                          SHA-512:F30240CB64EF856C48E78B1775E5F03431AECA894E19DE5B6BA4864577D6437ADAE30BA405705743F473D1AE67D6F6393B6C90EC354A20D4855B6BDE87CEFF57
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734357581);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734357581);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734357581);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173435
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.97431363009554
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YZFgQ0saDCPIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:Y5hACPSlCOlZGV1AQIWZcy6ZXvx
                                                                                                                                                                                                                                                                                                                                                          MD5:0F31BDEDCA183F0F9A55F983007D6E5B
                                                                                                                                                                                                                                                                                                                                                          SHA1:A33B7EC4648DE4553FB58FF5FA4C503824577F3E
                                                                                                                                                                                                                                                                                                                                                          SHA-256:555CE440976DB3F5FA04DEEAE11DA2E837FCAFA746818FDC796A8F0EDC87240E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:2D548746447AAA361C35B9EB9364A71E42BB8445D362DED460334E08F9B1AAEE86AB13D12483CE634C3C8F1232982BBACFDCAA8F877D493E51806C5D7362209A
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"type":"health","id":"f6efab03-436f-4f91-b493-8c3876ac72b9","creationDate":"2024-12-16T14:00:12.799Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.97431363009554
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:YZFgQ0saDCPIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:Y5hACPSlCOlZGV1AQIWZcy6ZXvx
                                                                                                                                                                                                                                                                                                                                                          MD5:0F31BDEDCA183F0F9A55F983007D6E5B
                                                                                                                                                                                                                                                                                                                                                          SHA1:A33B7EC4648DE4553FB58FF5FA4C503824577F3E
                                                                                                                                                                                                                                                                                                                                                          SHA-256:555CE440976DB3F5FA04DEEAE11DA2E837FCAFA746818FDC796A8F0EDC87240E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:2D548746447AAA361C35B9EB9364A71E42BB8445D362DED460334E08F9B1AAEE86AB13D12483CE634C3C8F1232982BBACFDCAA8F877D493E51806C5D7362209A
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"type":"health","id":"f6efab03-436f-4f91-b493-8c3876ac72b9","creationDate":"2024-12-16T14:00:12.799Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1567
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.345852343187677
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxS/WLXnIrHx/pnxQwRcWT5sKmgb0X3eHVpjO+damhujJwO2c0TiVm0D:GUpOxXmLnRcoegY3erjxd4Jwc3zBtT
                                                                                                                                                                                                                                                                                                                                                          MD5:A968BE78ACBA0F394AA21A3A922792DC
                                                                                                                                                                                                                                                                                                                                                          SHA1:482650B628660F2D24F5F8AC34E10A41FBC3E8FA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:0152FD5798361805D170D768A5487C55D7FE82D2E3A2D5493D6E9F1DE45F0F83
                                                                                                                                                                                                                                                                                                                                                          SHA-512:C8E4847FFA864887647253CEC814FFBD99E4A02A7E605B508404876F178D62277BF6D712E10E0CAD01303D5257FB25EFB82C3EB2689B68B9E6B7DDAFD12BC740
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{41db80c7-17b0-4dd7-b152-2cb8bf77e1d2}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734357587617,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...8,"startTim..P50612...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...58273,"originA...."f
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1567
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.345852343187677
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxS/WLXnIrHx/pnxQwRcWT5sKmgb0X3eHVpjO+damhujJwO2c0TiVm0D:GUpOxXmLnRcoegY3erjxd4Jwc3zBtT
                                                                                                                                                                                                                                                                                                                                                          MD5:A968BE78ACBA0F394AA21A3A922792DC
                                                                                                                                                                                                                                                                                                                                                          SHA1:482650B628660F2D24F5F8AC34E10A41FBC3E8FA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:0152FD5798361805D170D768A5487C55D7FE82D2E3A2D5493D6E9F1DE45F0F83
                                                                                                                                                                                                                                                                                                                                                          SHA-512:C8E4847FFA864887647253CEC814FFBD99E4A02A7E605B508404876F178D62277BF6D712E10E0CAD01303D5257FB25EFB82C3EB2689B68B9E6B7DDAFD12BC740
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{41db80c7-17b0-4dd7-b152-2cb8bf77e1d2}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734357587617,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...8,"startTim..P50612...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...58273,"originA...."f
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.031726695404604
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:ycFMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:oTEr5NX0z3DhRe
                                                                                                                                                                                                                                                                                                                                                          MD5:FDB76BC3F120850645AA20CF7E6636AE
                                                                                                                                                                                                                                                                                                                                                          SHA1:C7638EE2336C364750EDF5F07B1ECBD71BD223AE
                                                                                                                                                                                                                                                                                                                                                          SHA-256:3CFA1DB25ACBC3D12A8B9610D0E0B1F89987EBDC601C63CB28FA064351E4D25A
                                                                                                                                                                                                                                                                                                                                                          SHA-512:02635436E73F7A3BAE892B5B2573FEA4B577945607B70208E9AAD9CF8230B6601A0CE52FC0ED16E0EF0908E9165E52768A4DE35E481E8BF70E7262566FD74B57
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T13:59:27.867Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.6905794819155515
                                                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:fNlxQP0jBz.exe
File size:964'608 bytes
MD5:687bbf73e7b900ff5d46c6c2d23c6a40
SHA1:3525c527942817869fb00ee2a8aa88e78a331f3a
SHA256:18defb28d0c93edff52a2be5d4317dad26358a689671beda075a36db021f5525
SHA512:d9570e334dfb0eb347539d34a37ed973ec2ef2863d2c9d3a04d1797607f453d2faa0946ba3ba2a8a767dad1f994d1ec093fc2f5ffdc4453dbe57008f8d866c83
SSDEEP:24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8alKZx:mTvC/MTQYxsWR7alK
TLSH:25259E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x675FF277 [Mon Dec 16 09:27:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                          call 00007F3CF8EBA5C1h
                                                                                                                                                                                                                                                                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                          pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x14cec | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x14cec | 0x14e00 | 36ed5e4485ec1b1c34809902d5a515b2 | False | 0.6815353667664671 | data | 7.093391289728069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xbe70 | data | | | 1.0004307515589104
RT_GROUP_ICON | 0xe876c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe87e4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe87f8 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe880c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xe8820 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xe88fc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, 
GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                                                                                                                                                                                                                                                          GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                                                                                                                                                                                                                                                                                                                          COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                          ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                          SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                          ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                          OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.232199907 CET44349713142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.233273029 CET49713443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237159014 CET49713443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237165928 CET44349713142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237390995 CET44349713142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237427950 CET49713443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237436056 CET44349713142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.237737894 CET49713443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.240276098 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.240303993 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.240349054 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.240566969 CET44349712142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.242938042 CET49712443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.276614904 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.278835058 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.279081106 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.398796082 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.805557013 CET4434971635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.805658102 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.813143015 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.813214064 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.834176064 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.834201097 CET4434971635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.835139036 CET4434971635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.838828087 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.838907957 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839027882 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839073896 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839118004 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839306116 CET4434971635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839502096 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839546919 CET4434972134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.839705944 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.840464115 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.840483904 CET49716443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.840514898 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.840614080 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.842040062 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.842058897 CET4434972134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.852567911 CET4971480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.973484039 CET804971434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.973566055 CET4971480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.993443012 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.993542910 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.997056007 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.997071981 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.997147083 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.997324944 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.997534037 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.151674032 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.152267933 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.155107975 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.155117989 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.155533075 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158190966 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158277988 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158365965 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158596992 CET49722443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158653021 CET4434972234.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158693075 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158771038 CET49722443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158895969 CET49722443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.158904076 CET4434972234.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.326211929 CET49723443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.326248884 CET4434972334.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.333569050 CET49723443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.334979057 CET49723443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.334995985 CET4434972334.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.754864931 CET804973034.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.936034918 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.936080933 CET4434973434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.936300039 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.937495947 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.937515974 CET4434973434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.162816048 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.162878036 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.333425045 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.454257965 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.647780895 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.701344013 CET804973034.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.709450960 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.756325960 CET4973080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.854783058 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.854857922 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.921088934 CET4434973235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.921231031 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.926100016 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.926193953 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:22.192893028 CET4434973434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:22.195533037 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.273056984 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.273086071 CET4434973235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.273422956 CET4434973235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.274446011 CET4973080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278284073 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278314114 CET4434973434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278526068 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278584957 CET4434973434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278594971 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278629065 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278657913 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278816938 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278846025 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278846025 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.278981924 CET4434973235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.279589891 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.279614925 CET49734443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.279628038 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.280297995 CET49732443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.280363083 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.280391932 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.280421019 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.280570984 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.282661915 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.394520998 CET804973034.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:23.394603968 CET4973080192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:27.021435976 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:27.141259909 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:27.141349077 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:27.514487982 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:27.634344101 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.230825901 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.282143116 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.711241007 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.831248999 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.849731922 CET49751443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.849778891 CET4434975134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.849920034 CET49751443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.851330996 CET49751443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.851344109 CET4434975134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.988029957 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.988061905 CET4434975234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.988176107 CET49753443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.988217115 CET4434975334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.990458965 CET49752443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.990497112 CET49753443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.800597906 CET49766443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.805515051 CET49766443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.805526018 CET4434976634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.805629015 CET49766443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.805708885 CET4434976634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.806862116 CET49766443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:34.914572001 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.038770914 CET4434976734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.038857937 CET49767443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.043678045 CET49767443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.043687105 CET4434976734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.043780088 CET49767443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.043833017 CET4434976734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.044019938 CET49767443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.110312939 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.113671064 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.132848978 CET4434976834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.132951021 CET49768443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.135770082 CET49768443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.135776997 CET4434976834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.136137962 CET4434976834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.138029099 CET49768443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.138128996 CET49768443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.138210058 CET4434976834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.138494015 CET49768443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.141169071 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.233577013 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.260961056 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.428770065 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.456317902 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.459425926 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.502898932 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.579402924 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.775657892 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.819437027 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.110311985 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.110358953 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.110660076 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.110780954 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.110790968 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.142628908 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.142663002 CET4434979035.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.145245075 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.147607088 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.147617102 CET4434979035.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.224165916 CET49791443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.224206924 CET4434979135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.237060070 CET49791443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.237189054 CET49791443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.237200975 CET4434979135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.246561050 CET49792443192.168.2.5151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.246603966 CET44349792151.101.65.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.246819019 CET49792443192.168.2.5151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.247051001 CET49792443192.168.2.5151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.247064114 CET44349792151.101.65.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.458806992 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.458858967 CET4434979335.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.459383965 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.461474895 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.461503029 CET4434979335.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.323954105 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.324058056 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.327569962 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.327590942 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.328102112 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.330385923 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.330540895 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.330615997 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.841612101 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.841698885 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.844966888 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.844979048 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.845207930 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.847342014 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.847451925 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.847455978 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.847470045 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.848278046 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.921303988 CET4434979734.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.921386003 CET49797443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.925363064 CET49797443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.925371885 CET4434979734.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.925645113 CET4434979734.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.927242041 CET49797443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.927386999 CET4434979734.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.927397966 CET49797443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.927403927 CET4434979734.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.927604914 CET49797443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.025744915 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.028736115 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.076297998 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.080730915 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.080764055 CET4434980434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.081177950 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.082556963 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.082567930 CET4434980434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.148798943 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.343883991 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.392898083 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.298527956 CET4434980434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.298604012 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.302236080 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.302242041 CET4434980434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.302329063 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.302486897 CET4434980434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.302548885 CET49804443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.304899931 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.424611092 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.619333029 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.622292042 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.665436983 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.742687941 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.937669039 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.981976986 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:56.626282930 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:56.746149063 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:56.942976952 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:57.062844992 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:06.772382021 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:06.892294884 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.058168888 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.058204889 CET4434985334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.059484005 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.060945988 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.060962915 CET4434985334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.073101044 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.192883015 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.273919106 CET4434985334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.274038076 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.279892921 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.279897928 CET4434985334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.280013084 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.280071020 CET4434985334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.280263901 CET49853443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.282593966 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.402488947 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:15.682389021 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:15.752525091 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:15.948395967 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:15.998924017 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.000520945 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.120244980 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.315176964 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.318660021 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.365541935 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.438344002 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.633582115 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.681926012 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:30.325954914 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:30.445760012 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:30.642415047 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:30.762310982 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:40.455991030 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:40.575906038 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:40.772622108 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:40.892376900 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.029253960 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.029300928 CET4434995834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.029669046 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.031157970 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.031177998 CET4434995834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.245050907 CET4434995834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.245179892 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.250484943 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.250494003 CET4434995834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.250605106 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.250704050 CET4434995834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.250806093 CET49958443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.253108025 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.372824907 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.568164110 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.571903944 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.623960018 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.691940069 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.887022018 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.940498114 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:00.569448948 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:00.689310074 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:00.901633978 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:01.021658897 CET804974534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:10.704679012 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:10.824604034 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:11.036672115 CET4974580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:46:11.156539917 CET804974534.107.221.82192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.903985977 CET53617521.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.904678106 CET5136153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.924027920 CET53504021.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.925156116 CET5409353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.971992016 CET6394753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:15.993988991 CET5003253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.004621983 CET4916353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.041765928 CET53513611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.062588930 CET53540931.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.063296080 CET5015453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.109453917 CET53639471.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.131572962 CET53500321.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:16.200656891 CET53501541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:17.276817083 CET5354853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.439018011 CET5302653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.561301947 CET6120453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.699067116 CET53612041.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.712944031 CET5860453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.850181103 CET53586041.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.854295015 CET5291653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.880225897 CET53650341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:19.991477013 CET53529161.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.453519106 CET5024053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.487328053 CET5081153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.566102982 CET6150353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.592185020 CET53502401.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.625828028 CET53508111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.635242939 CET6393153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.667993069 CET5354753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.704674959 CET53615031.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.708332062 CET4951953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.773703098 CET53639311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.781738043 CET5566453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.806376934 CET53535471.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.813968897 CET5687353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.845694065 CET53495191.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.846460104 CET5341353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.919358015 CET53556641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.987452030 CET53534131.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:21.014363050 CET53568731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.711096048 CET5818453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.848934889 CET53581841.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.205037117 CET5696153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.205135107 CET5410553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.205251932 CET5972753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342319965 CET53541051.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET53597271.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342654943 CET53569611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.326373100 CET5887353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.326597929 CET6154253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.326778889 CET6288853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464493036 CET53588731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET53615421.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.465615988 CET6347353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.465749025 CET53628881.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.465934038 CET5539653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.466337919 CET4948553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.603425980 CET53553961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.604079962 CET53634731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.605978012 CET53494851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.623270035 CET6146153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.623270035 CET5955353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.760809898 CET53595531.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET53614611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.843225956 CET5291653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.843573093 CET6431453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.984740019 CET53529161.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.985465050 CET6089653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.986757994 CET53643141.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.623270035 CET192.168.2.51.1.1.10x7cd5Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.623270035 CET192.168.2.51.1.1.10xb02fStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.843225956 CET192.168.2.51.1.1.10x2019Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.843573093 CET192.168.2.51.1.1.10x526fStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.985465050 CET192.168.2.51.1.1.10x14e2Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.987294912 CET192.168.2.51.1.1.10xfd91Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:33.578598976 CET192.168.2.51.1.1.10xf324Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:33.772272110 CET192.168.2.51.1.1.10x2d92Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.105695963 CET192.168.2.51.1.1.10x4f3cStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.159606934 CET192.168.2.51.1.1.10x2d7cStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.222876072 CET192.168.2.51.1.1.10x2487Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.247140884 CET192.168.2.51.1.1.10x2a16Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.388793945 CET192.168.2.51.1.1.10xa8dbStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.459287882 CET192.168.2.51.1.1.10x69ceStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.600071907 CET192.168.2.51.1.1.10x44e5Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.479789019 CET192.168.2.51.1.1.10xa95eStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.081111908 CET192.168.2.51.1.1.10xbfbdStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.058346033 CET192.168.2.51.1.1.10xdd2bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:12.859565973 CET192.168.2.51.1.1.10xdd36Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:20.000801086 CET192.168.2.51.1.1.10x37cStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:48.887356043 CET192.168.2.51.1.1.10x3a50Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:49.029618979 CET192.168.2.51.1.1.10x1598Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:50.253376007 CET192.168.2.51.1.1.10xbfa0Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.806376934 CET1.1.1.1192.168.2.50xaf7bNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:20.845694065 CET1.1.1.1192.168.2.50xe991No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:28.848663092 CET1.1.1.1192.168.2.50xa6e4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342319965 CET1.1.1.1192.168.2.50xe9c9No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342319965 CET1.1.1.1192.168.2.50xe9c9No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342470884 CET1.1.1.1192.168.2.50x846fNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342654943 CET1.1.1.1192.168.2.50x229aNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:29.342654943 CET1.1.1.1192.168.2.50x229aNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464493036 CET1.1.1.1192.168.2.50x243No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.464829922 CET1.1.1.1192.168.2.50x5dfbNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.465749025 CET1.1.1.1192.168.2.50xf096No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.603425980 CET1.1.1.1192.168.2.50xb7ffNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.603425980 CET1.1.1.1192.168.2.50xb7ffNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.603425980 CET1.1.1.1192.168.2.50xb7ffNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.603425980 CET1.1.1.1192.168.2.50xb7ffNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.604079962 CET1.1.1.1192.168.2.50x12b8No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.605978012 CET1.1.1.1192.168.2.50x2fdbNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.760809898 CET1.1.1.1192.168.2.50xb02fNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET1.1.1.1192.168.2.50x7cd5No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET1.1.1.1192.168.2.50x7cd5No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET1.1.1.1192.168.2.50x7cd5No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET1.1.1.1192.168.2.50x7cd5No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.762132883 CET1.1.1.1192.168.2.50x7cd5No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.984740019 CET1.1.1.1192.168.2.50x2019No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.986757994 CET1.1.1.1192.168.2.50x526fNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.986757994 CET1.1.1.1192.168.2.50x526fNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.986757994 CET1.1.1.1192.168.2.50x526fNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:30.986757994 CET1.1.1.1192.168.2.50x526fNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.219974041 CET1.1.1.1192.168.2.50xf429No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.219974041 CET1.1.1.1192.168.2.50xf429No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.243940115 CET1.1.1.1192.168.2.50x4f3cNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.243940115 CET1.1.1.1192.168.2.50x4f3cNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.243940115 CET1.1.1.1192.168.2.50x4f3cNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.243940115 CET1.1.1.1192.168.2.50x4f3cNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:42.387900114 CET1.1.1.1192.168.2.50x2a16No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
Dec 16, 2024 13:44:42.387900114 CET | 1.1.1.1 | 192.168.2.5 | 0x2a16 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:42.387900114 CET | 1.1.1.1 | 192.168.2.5 | 0x2a16 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:42.387900114 CET | 1.1.1.1 | 192.168.2.5 | 0x2a16 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:42.457612038 CET | 1.1.1.1 | 192.168.2.5 | 0x2d7c | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:44:42.457612038 CET | 1.1.1.1 | 192.168.2.5 | 0x2d7c | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:42.526361942 CET | 1.1.1.1 | 192.168.2.5 | 0xa8db | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 16, 2024 13:44:42.526361942 CET | 1.1.1.1 | 192.168.2.5 | 0xa8db | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 16, 2024 13:44:42.526361942 CET | 1.1.1.1 | 192.168.2.5 | 0xa8db | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 16, 2024 13:44:42.526361942 CET | 1.1.1.1 | 192.168.2.5 | 0xa8db | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 16, 2024 13:44:42.598989964 CET | 1.1.1.1 | 192.168.2.5 | 0x69ce | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:43.617389917 CET | 1.1.1.1 | 192.168.2.5 | 0xa95e | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:44:44.943279028 CET | 1.1.1.1 | 192.168.2.5 | 0xc6ac | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:44:44.943279028 CET | 1.1.1.1 | 192.168.2.5 | 0xc6ac | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:45:12.857795000 CET | 1.1.1.1 | 192.168.2.5 | 0x237a | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:45:20.138462067 CET | 1.1.1.1 | 192.168.2.5 | 0x37c | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:45:20.138462067 CET | 1.1.1.1 | 192.168.2.5 | 0x37c | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:45:49.027827978 CET | 1.1.1.1 | 192.168.2.5 | 0x3a50 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:45:50.391081095 CET | 1.1.1.1 | 192.168.2.5 | 0xbfa0 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:45:50.391081095 CET | 1.1.1.1 | 192.168.2.5 | 0xbfa0 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:14.639086962 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:15.725935936 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 79428
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49719 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:16.279081106 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
Dec 16, 2024 13:44:17.363698959 CET | 215 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 9258
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49724 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:17.805622101 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:18.892038107 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54880
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:19.438249111 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:19.753196001 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54881
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:20.159007072 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:20.473678112 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54882
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:21.333425045 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:21.647780895 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54883
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:28.711241007 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:29.029361963 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54890
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:32.591276884 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:32.906064987 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54894
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:34.794173002 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:35.110312939 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54896
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:35.141169071 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:35.456317902 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54897
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:43.334367037 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:44:43.649645090 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54905
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:43.701143026 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:44:44.019388914 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 54905
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:44.707848072 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:44:45.025744915 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 54906
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:46.304899931 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:44:46.619333029 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 54908
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:44:56.626282930 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 16, 2024 13:45:06.772382021 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 16, 2024 13:45:08.282593966 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:45:08.597384930 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 54930
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:45:14.087568045 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:45:14.403177023 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 54936
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:45:15.311652899 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:45:15.627286911 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54937
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:45:20.000520945 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:45:20.315176964 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54942
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:45:30.325954914 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:45:40.455991030 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:45:50.253108025 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 16, 2024 13:45:50.568164110 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 54972
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:46:00.569448948 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:46:10.704679012 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49727 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:19.562403917 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49729 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:20.271415949 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49730 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:20.634726048 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:44:21.701344013 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 58640
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49745 | 34.107.221.82 | 80 | 1532 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:27.514487982 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:44:28.230825901 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 58647
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:44:29.211215019 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:44:29.525877953 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 20:27:01 GMT
Age: 58648
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:44:33.650276899 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:44:33.965599060 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58652
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.113671064 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.428770065 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58654
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.459425926 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:35.775657892 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58654
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.653297901 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:43.968765020 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58662
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.022722960 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:44.338068008 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58663
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.028736115 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:45.343883991 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58664
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.622292042 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:46.937669039 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58665
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:44:56.942976952 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:07.073101044 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.602396011 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:08.917768002 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58687
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:14.406090975 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Dec 16, 2024 13:45:14.721771955 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58693
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
Dec 16, 2024 13:45:15.632651091 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
Dec 16, 2024 13:45:15.948395967 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58694
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
Dec 16, 2024 13:45:20.318660021 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
Dec 16, 2024 13:45:20.633582115 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58699
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
Dec 16, 2024 13:45:30.642415047 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:45:40.772622108 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:45:50.571903944 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
Dec 16, 2024 13:45:50.887022018 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 15 Dec 2024 20:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 58729
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
Dec 16, 2024 13:46:00.901633978 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 16, 2024 13:46:11.036672115 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:



                                                                                                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                                                                                                          Start time:07:44:04
                                                                                                                                                                                                                                                                                                                                                          Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\fNlxQP0jBz.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\fNlxQP0jBz.exe"
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x890000
                                                                                                                                                                                                                                                                                                                                                          File size:964'608 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:687BBF73E7B900FF5D46C6C2D23C6A40
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

Target ID:2
Start time:07:44:05
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0xa00000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:07:44:05
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:44:07
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0xa00000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:44:07
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:44:07
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0xa00000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:07:44:07
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:44:08
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xa00000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:44:08
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:44:08
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xa00000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:07:44:08
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:07:44:08
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:07:44:09
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:07:44:09
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                                                                                                          Start time:07:44:10
                                                                                                                                                                                                                                                                                                                                                          Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a754aa-3655-4613-bcb0-b77e3b3435f5} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 1541636f110 socket
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                                                                                                          Start time:07:44:13
                                                                                                                                                                                                                                                                                                                                                          Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3780 -parentBuildID 20230927232528 -prefsHandle 3448 -prefMapHandle 3084 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8366b4e-ce3b-4905-b66e-3975694fae10} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15428c2ed10 rdd
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                                                                                                          Start time:07:44:19
                                                                                                                                                                                                                                                                                                                                                          Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5124 -prefMapHandle 5060 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24de6617-596f-4cb2-aaf6-b661cea48c1c} 1532 "\\.\pipe\gecko-crash-server-pipe.1532" 15430c97110 utility
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.1%
Total number of Nodes:1775
Total number of Limit Nodes:59
891b58 96569->96570 96571 89a961 22 API calls 96570->96571 96572 891b63 96571->96572 96573 89a961 22 API calls 96572->96573 96574 891b6e 96573->96574 96575 89a961 22 API calls 96574->96575 96576 891b79 96575->96576 96577 89a961 22 API calls 96576->96577 96578 891b84 96577->96578 96579 8afddb 22 API calls 96578->96579 96580 891b96 RegisterWindowMessageW 96579->96580 96580->96526 96582 8a1981 96581->96582 96586 8a195d 96581->96586 96662 8b0242 5 API calls __Init_thread_wait 96582->96662 96585 8a198b 96585->96586 96663 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96585->96663 96590 8a196e 96586->96590 96664 8b0242 5 API calls __Init_thread_wait 96586->96664 96587 8a8727 96587->96590 96665 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96587->96665 96590->96530 96592 8d272d 96591->96592 96593 891abb 96591->96593 96666 903209 23 API calls 96592->96666 96595 8afddb 22 API calls 96593->96595 96597 891ac3 96595->96597 96596 8d2738 96597->96532 96601 8afde0 96598->96601 96599 8bea0c ___std_exception_copy 21 API calls 96599->96601 96600 8afdfa 96600->96539 96601->96599 96601->96600 96604 8afdfc 96601->96604 96667 8b4ead 7 API calls 2 library calls 96601->96667 96603 8b066d 96669 8b32a4 RaiseException 96603->96669 96604->96603 96668 8b32a4 RaiseException 96604->96668 96607 8b068a 96607->96539 96608->96541 96609->96543 96670 90092a 28 API calls 96609->96670 96611 89a961 22 API calls 96610->96611 96612 8913fc 96611->96612 96613 89a961 22 API calls 96612->96613 96614 891404 96613->96614 96615 89a961 22 API calls 96614->96615 96616 8913c6 96615->96616 96616->96548 96618 8d4ba1 96617->96618 96619 896b67 _wcslen 96617->96619 96640 8993b2 96618->96640 96622 896b7d 96619->96622 96623 896ba2 96619->96623 96621 8d4baa 96621->96621 96629 896f34 22 API calls 96622->96629 96625 8afddb 22 API calls 96623->96625 96627 896bae 96625->96627 96626 896b85 __fread_nolock 96626->96553 96630 8afe0b 96627->96630 96629->96626 96632 8afddb 96630->96632 
96633 8afdfa 96632->96633 96636 8afdfc 96632->96636 96644 8bea0c 96632->96644 96651 8b4ead 7 API calls 2 library calls 96632->96651 96633->96626 96635 8b066d 96653 8b32a4 RaiseException 96635->96653 96636->96635 96652 8b32a4 RaiseException 96636->96652 96639 8b068a 96639->96626 96641 8993c0 96640->96641 96642 8993c9 __fread_nolock 96640->96642 96641->96642 96656 89aec9 96641->96656 96642->96621 96642->96642 96649 8c3820 _free 96644->96649 96645 8c385e 96655 8bf2d9 20 API calls _free 96645->96655 96646 8c3849 RtlAllocateHeap 96648 8c385c 96646->96648 96646->96649 96648->96632 96649->96645 96649->96646 96654 8b4ead 7 API calls 2 library calls 96649->96654 96651->96632 96652->96635 96653->96639 96654->96649 96655->96648 96657 89aedc 96656->96657 96661 89aed9 __fread_nolock 96656->96661 96658 8afddb 22 API calls 96657->96658 96659 89aee7 96658->96659 96660 8afe0b 22 API calls 96659->96660 96660->96661 96661->96642 96662->96585 96663->96586 96664->96587 96665->96590 96666->96596 96667->96601 96668->96603 96669->96607 96671 8e2a00 96686 89d7b0 ISource 96671->96686 96672 89db11 PeekMessageW 96672->96686 96673 89d807 GetInputState 96673->96672 96673->96686 96675 8e1cbe TranslateAcceleratorW 96675->96686 96676 89da04 timeGetTime 96676->96686 96677 89db8f PeekMessageW 96677->96686 96678 89db73 TranslateMessage DispatchMessageW 96678->96677 96679 89dbaf Sleep 96679->96686 96680 8e2b74 Sleep 96693 8e2a51 96680->96693 96683 8e1dda timeGetTime 96859 8ae300 23 API calls 96683->96859 96686->96672 96686->96673 96686->96675 96686->96676 96686->96677 96686->96678 96686->96679 96686->96680 96686->96683 96692 89d9d5 96686->96692 96686->96693 96703 89dd50 96686->96703 96710 89dfd0 96686->96710 96738 89bf40 96686->96738 96796 8aedf6 96686->96796 96801 8a1310 96686->96801 96858 8ae551 timeGetTime 96686->96858 96860 903a2a 23 API calls 96686->96860 96861 89ec40 96686->96861 96885 90359c 82 API calls __wsopen_s 96686->96885 96687 8e2c0b GetExitCodeProcess 96688 8e2c37 CloseHandle 
96687->96688 96689 8e2c21 WaitForSingleObject 96687->96689 96688->96693 96689->96686 96689->96688 96690 9229bf GetForegroundWindow 96690->96693 96693->96686 96693->96687 96693->96690 96693->96692 96694 8e2ca9 Sleep 96693->96694 96886 915658 23 API calls 96693->96886 96887 8fe97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96693->96887 96888 8ae551 timeGetTime 96693->96888 96889 8fd4dc CreateToolhelp32Snapshot Process32FirstW 96693->96889 96694->96686 96704 89dd6f 96703->96704 96705 89dd83 96703->96705 96899 89d260 96704->96899 96931 90359c 82 API calls __wsopen_s 96705->96931 96707 89dd7a 96707->96686 96709 8e2f75 96709->96709 96711 89e010 96710->96711 96712 8e2f7a 96711->96712 96716 89e075 96711->96716 96713 89ec40 348 API calls 96712->96713 96714 8e2f8c 96713->96714 96737 89e0dc ISource 96714->96737 96947 90359c 82 API calls __wsopen_s 96714->96947 96716->96737 96948 8b0242 5 API calls __Init_thread_wait 96716->96948 96719 8e2fca 96721 89a961 22 API calls 96719->96721 96719->96737 96720 89a961 22 API calls 96720->96737 96722 8e2fe4 96721->96722 96949 8b00a3 29 API calls __onexit 96722->96949 96726 8e2fee 96950 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96726->96950 96729 89ec40 348 API calls 96729->96737 96732 89e3e1 96732->96686 96733 8a04f0 22 API calls 96733->96737 96734 90359c 82 API calls 96734->96737 96737->96720 96737->96729 96737->96732 96737->96733 96737->96734 96941 89a8c7 22 API calls __fread_nolock 96737->96941 96942 89a81b 96737->96942 96946 8aa308 348 API calls 96737->96946 96951 8b0242 5 API calls __Init_thread_wait 96737->96951 96952 8b00a3 29 API calls __onexit 96737->96952 96953 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96737->96953 96954 9147d4 348 API calls 96737->96954 96955 9168c1 348 API calls 96737->96955 96998 89adf0 96738->96998 96740 89bf9d 96741 89bfa9 96740->96741 96742 8e04b6 96740->96742 96744 8e04c6 96741->96744 96745 89c01e 96741->96745 
97016 90359c 82 API calls __wsopen_s 96742->97016 97017 90359c 82 API calls __wsopen_s 96744->97017 97003 89ac91 96745->97003 96748 8e04f5 96750 8e055a 96748->96750 97018 8ad217 348 API calls 96748->97018 96749 8f7120 22 API calls 96792 89c039 ISource __fread_nolock 96749->96792 96781 89c603 96750->96781 97019 90359c 82 API calls __wsopen_s 96750->97019 96752 89c7da 96755 8afe0b 22 API calls 96752->96755 96759 89c808 __fread_nolock 96755->96759 96763 8afe0b 22 API calls 96759->96763 96760 89ec40 348 API calls 96760->96792 96761 89af8a 22 API calls 96761->96792 96762 8e091a 97026 903209 23 API calls 96762->97026 96793 89c350 ISource __fread_nolock 96763->96793 96766 8e08a5 96767 89ec40 348 API calls 96766->96767 96769 8e08cf 96767->96769 96771 89a81b 41 API calls 96769->96771 96769->96781 96770 8e0591 97020 90359c 82 API calls __wsopen_s 96770->97020 96773 8e08f6 96771->96773 96772 89a993 41 API calls 96772->96792 97025 90359c 82 API calls __wsopen_s 96773->97025 96775 89bbe0 40 API calls 96775->96792 96777 89c237 96779 89c253 96777->96779 97027 89a8c7 22 API calls __fread_nolock 96777->97027 96778 89aceb 23 API calls 96778->96792 96783 8e0976 96779->96783 96786 89c297 ISource 96779->96786 96781->96686 96782 8afddb 22 API calls 96782->96792 96785 89aceb 23 API calls 96783->96785 96788 8e09bf 96785->96788 96787 89aceb 23 API calls 96786->96787 96786->96788 96789 89c335 96787->96789 96788->96781 97028 90359c 82 API calls __wsopen_s 96788->97028 96789->96788 96790 89c342 96789->96790 97014 89a704 22 API calls ISource 96790->97014 96792->96748 96792->96749 96792->96750 96792->96752 96792->96759 96792->96760 96792->96761 96792->96762 96792->96766 96792->96770 96792->96772 96792->96773 96792->96775 96792->96777 96792->96778 96792->96781 96792->96782 96792->96788 96794 8afe0b 22 API calls 96792->96794 97007 89ad81 96792->97007 97021 8f7099 22 API calls __fread_nolock 96792->97021 97022 915745 54 API calls _wcslen 96792->97022 97023 8aaa42 22 API calls ISource 96792->97023 
97024 8ff05c 40 API calls 96792->97024 96795 89c3ac 96793->96795 97015 8ace17 22 API calls ISource 96793->97015 96794->96792 96795->96686 96797 8aee09 96796->96797 96798 8aee12 96796->96798 96797->96686 96798->96797 96799 8aee36 IsDialogMessageW 96798->96799 96800 8eefaf GetClassLongW 96798->96800 96799->96797 96799->96798 96800->96798 96800->96799 96802 8a17b0 96801->96802 96803 8a1376 96801->96803 97067 8b0242 5 API calls __Init_thread_wait 96802->97067 96804 8a1390 96803->96804 96805 8e6331 96803->96805 96807 8a1940 9 API calls 96804->96807 96808 8e633d 96805->96808 97077 91709c 348 API calls 96805->97077 96811 8a13a0 96807->96811 96808->96686 96810 8a17ba 96812 8a17fb 96810->96812 97068 899cb3 96810->97068 96813 8a1940 9 API calls 96811->96813 96816 8e6346 96812->96816 96818 8a182c 96812->96818 96815 8a13b6 96813->96815 96815->96812 96817 8a13ec 96815->96817 97078 90359c 82 API calls __wsopen_s 96816->97078 96817->96816 96841 8a1408 __fread_nolock 96817->96841 96819 89aceb 23 API calls 96818->96819 96822 8a1839 96819->96822 96821 8a17d4 97074 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96821->97074 97075 8ad217 348 API calls 96822->97075 96825 8e636e 97079 90359c 82 API calls __wsopen_s 96825->97079 96826 8a152f 96828 8a153c 96826->96828 96829 8e63d1 96826->96829 96831 8a1940 9 API calls 96828->96831 97081 915745 54 API calls _wcslen 96829->97081 96832 8a1549 96831->96832 96836 8e64fa 96832->96836 96838 8a1940 9 API calls 96832->96838 96833 8afddb 22 API calls 96833->96841 96834 8a1872 97076 8afaeb 23 API calls 96834->97076 96835 8afe0b 22 API calls 96835->96841 96845 8e6369 96836->96845 97083 90359c 82 API calls __wsopen_s 96836->97083 96843 8a1563 96838->96843 96840 89ec40 348 API calls 96840->96841 96841->96822 96841->96825 96841->96826 96841->96833 96841->96835 96841->96840 96842 8e63b2 96841->96842 96841->96845 97080 90359c 82 API calls __wsopen_s 96842->97080 96843->96836 96848 8a15c7 ISource 96843->96848 97082 89a8c7 22 API calls 
__fread_nolock 96843->97082 96845->96686 96847 8a1940 9 API calls 96847->96848 96848->96834 96848->96836 96848->96845 96848->96847 96850 8a167b ISource 96848->96850 97038 91a2ea 96848->97038 97043 91ab67 96848->97043 97046 921591 96848->97046 97049 905c5a 96848->97049 97054 91abf7 96848->97054 97059 8af645 96848->97059 96849 8a171d 96849->96686 96850->96849 97066 8ace17 22 API calls ISource 96850->97066 96858->96686 96859->96686 96860->96686 96863 89ec76 ISource 96861->96863 96862 8b0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96862->96863 96863->96862 96864 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96863->96864 96865 8e4beb 96863->96865 96866 8afddb 22 API calls 96863->96866 96867 89ed9d ISource 96863->96867 96868 89fef7 96863->96868 96871 8e4b0b 96863->96871 96875 8e4600 96863->96875 96877 89a8c7 22 API calls 96863->96877 96879 89fbe3 96863->96879 96880 89a961 22 API calls 96863->96880 96881 8b00a3 29 API calls pre_c_initialization 96863->96881 96884 89f3ae ISource 96863->96884 97255 8a01e0 96863->97255 97316 8a06a0 41 API calls ISource 96863->97316 96864->96863 97322 90359c 82 API calls __wsopen_s 96865->97322 96866->96863 96867->96686 96868->96867 97318 89a8c7 22 API calls __fread_nolock 96868->97318 97320 90359c 82 API calls __wsopen_s 96871->97320 96875->96867 97317 89a8c7 22 API calls __fread_nolock 96875->97317 96877->96863 96879->96867 96882 8e4bdc 96879->96882 96879->96884 96880->96863 96881->96863 97321 90359c 82 API calls __wsopen_s 96882->97321 96884->96867 97319 90359c 82 API calls __wsopen_s 96884->97319 96885->96686 96886->96693 96887->96693 96888->96693 97353 8fdef7 96889->97353 96891 8fd5db CloseHandle 96891->96693 96892 8fd529 Process32NextW 96892->96891 96893 8fd522 96892->96893 96893->96891 96893->96892 96894 89a961 22 API calls 96893->96894 96895 899cb3 22 API calls 96893->96895 97359 89525f 22 API calls 96893->97359 97360 896350 
22 API calls 96893->97360 97361 8ace60 41 API calls 96893->97361 96894->96893 96895->96893 96900 89ec40 348 API calls 96899->96900 96904 89d29d 96900->96904 96901 89d30b ISource 96901->96707 96903 89d6d5 96903->96901 96914 8afe0b 22 API calls 96903->96914 96904->96901 96904->96903 96905 89d3c3 96904->96905 96910 89d4b8 96904->96910 96916 8e1bc4 96904->96916 96918 8afddb 22 API calls 96904->96918 96926 89d429 ISource __fread_nolock 96904->96926 96905->96903 96907 89d3ce 96905->96907 96906 89d5ff 96908 8e1bb5 96906->96908 96909 89d614 96906->96909 96911 8afddb 22 API calls 96907->96911 96939 915705 23 API calls 96908->96939 96913 8afddb 22 API calls 96909->96913 96915 8afe0b 22 API calls 96910->96915 96920 89d3d5 __fread_nolock 96911->96920 96923 89d46a 96913->96923 96914->96920 96915->96926 96940 90359c 82 API calls __wsopen_s 96916->96940 96917 8afddb 22 API calls 96919 89d3f6 96917->96919 96918->96904 96919->96926 96932 89bec0 348 API calls 96919->96932 96920->96917 96920->96919 96922 8e1ba4 96938 90359c 82 API calls __wsopen_s 96922->96938 96923->96707 96926->96906 96926->96922 96926->96923 96927 8e1b7f 96926->96927 96929 8e1b5d 96926->96929 96933 891f6f 96926->96933 96937 90359c 82 API calls __wsopen_s 96927->96937 96936 90359c 82 API calls __wsopen_s 96929->96936 96931->96709 96932->96926 96934 89ec40 348 API calls 96933->96934 96935 891f98 96934->96935 96935->96926 96936->96923 96937->96923 96938->96923 96939->96916 96940->96901 96941->96737 96943 89a826 96942->96943 96944 89a855 96943->96944 96956 89a993 96943->96956 96944->96737 96946->96737 96947->96737 96948->96719 96949->96726 96950->96737 96951->96737 96952->96737 96953->96737 96954->96737 96955->96737 96973 89bbe0 96956->96973 96958 89a9a3 96959 8df8c8 96958->96959 96960 89a9b1 96958->96960 96983 89aceb 96959->96983 96962 8afddb 22 API calls 96960->96962 96964 89a9c2 96962->96964 96963 8df8d3 96965 89a961 22 API calls 96964->96965 96966 89a9cc 96965->96966 96967 89a9db 96966->96967 96981 89a8c7 22 API 
calls __fread_nolock 96966->96981 96968 8afddb 22 API calls 96967->96968 96970 89a9e5 96968->96970 96982 89a869 40 API calls 96970->96982 96972 89aa09 96972->96944 96974 89be27 96973->96974 96976 89bbf3 96973->96976 96974->96958 96977 89a961 22 API calls 96976->96977 96979 89bc9d 96976->96979 96993 8b0242 5 API calls __Init_thread_wait 96976->96993 96994 8b00a3 29 API calls __onexit 96976->96994 96995 8b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96976->96995 96977->96976 96979->96958 96981->96967 96982->96972 96984 89acf9 96983->96984 96992 89ad2a ISource 96983->96992 96985 89ad55 96984->96985 96987 89ad01 ISource 96984->96987 96985->96992 96996 89a8c7 22 API calls __fread_nolock 96985->96996 96988 8dfa48 96987->96988 96989 89ad21 96987->96989 96987->96992 96988->96992 96997 8ace17 22 API calls ISource 96988->96997 96991 8dfa3a VariantClear 96989->96991 96989->96992 96991->96992 96992->96963 96993->96976 96994->96976 96995->96976 96996->96992 96997->96992 96999 89ae01 96998->96999 97002 89ae1c ISource 96998->97002 97000 89aec9 22 API calls 96999->97000 97001 89ae09 CharUpperBuffW 97000->97001 97001->97002 97002->96740 97004 89acae 97003->97004 97005 89acd1 97004->97005 97029 90359c 82 API calls __wsopen_s 97004->97029 97005->96792 97008 8dfadb 97007->97008 97009 89ad92 97007->97009 97010 8afddb 22 API calls 97009->97010 97011 89ad99 97010->97011 97030 89adcd 97011->97030 97014->96793 97015->96793 97016->96744 97017->96781 97018->96750 97019->96781 97020->96781 97021->96792 97022->96792 97023->96792 97024->96792 97025->96781 97026->96777 97027->96779 97028->96781 97029->97005 97033 89addd 97030->97033 97031 89adb6 97031->96792 97032 8afddb 22 API calls 97032->97033 97033->97031 97033->97032 97034 89a961 22 API calls 97033->97034 97035 89adcd 22 API calls 97033->97035 97037 89a8c7 22 API calls __fread_nolock 97033->97037 97034->97033 97035->97033 97037->97033 97084 897510 97038->97084 97041 8fd4dc 47 API calls 97042 91a315 97041->97042 
97042->96848 97111 91aff9 97043->97111 97239 922ad8 97046->97239 97048 92159f 97048->96848 97050 897510 53 API calls 97049->97050 97051 905c6d 97050->97051 97250 8fdbbe lstrlenW 97051->97250 97053 905c77 97053->96848 97055 91aff9 217 API calls 97054->97055 97057 91ac0c 97055->97057 97056 91ac54 97056->96848 97057->97056 97058 89aceb 23 API calls 97057->97058 97058->97056 97060 89b567 39 API calls 97059->97060 97061 8af659 97060->97061 97062 8ef2dc Sleep 97061->97062 97063 8af661 timeGetTime 97061->97063 97064 89b567 39 API calls 97063->97064 97065 8af677 97064->97065 97065->96848 97066->96850 97067->96810 97069 899cc2 _wcslen 97068->97069 97070 8afe0b 22 API calls 97069->97070 97071 899cea __fread_nolock 97070->97071 97072 8afddb 22 API calls 97071->97072 97073 899d00 97072->97073 97073->96821 97074->96812 97075->96834 97076->96834 97077->96808 97078->96845 97079->96845 97080->96845 97081->96843 97082->96848 97083->96845 97085 897525 97084->97085 97100 897522 97084->97100 97086 89755b 97085->97086 97087 89752d 97085->97087 97089 89756d 97086->97089 97096 8d50f6 97086->97096 97098 8d500f 97086->97098 97107 8b51c6 26 API calls 97087->97107 97108 8afb21 51 API calls 97089->97108 97090 89753d 97095 8afddb 22 API calls 97090->97095 97093 8d510e 97093->97093 97097 897547 97095->97097 97110 8b5183 26 API calls 97096->97110 97099 899cb3 22 API calls 97097->97099 97101 8afe0b 22 API calls 97098->97101 97106 8d5088 97098->97106 97099->97100 97100->97041 97102 8d5058 97101->97102 97103 8afddb 22 API calls 97102->97103 97104 8d507f 97103->97104 97105 899cb3 22 API calls 97104->97105 97105->97106 97109 8afb21 51 API calls 97106->97109 97107->97090 97108->97090 97109->97096 97110->97093 97112 91b01d ___scrt_fastfail 97111->97112 97113 91b094 97112->97113 97114 91b058 97112->97114 97117 89b567 39 API calls 97113->97117 97127 91b08b 97113->97127 97209 89b567 97114->97209 97116 91b063 97120 89b567 39 API calls 97116->97120 97116->97127 97119 91b0a5 97117->97119 97118 897510 53 API 
calls 97122 91b10b 97118->97122 97123 89b567 39 API calls 97119->97123 97124 91b078 97120->97124 97121 89b567 39 API calls 97125 91b0ed 97121->97125 97202 897620 97122->97202 97123->97127 97128 89b567 39 API calls 97124->97128 97125->97118 97127->97121 97127->97125 97128->97127 97129 91b115 97130 91b1d8 97129->97130 97131 91b11f 97129->97131 97133 91b20a GetCurrentDirectoryW 97130->97133 97136 897510 53 API calls 97130->97136 97132 897510 53 API calls 97131->97132 97134 91b130 97132->97134 97135 8afe0b 22 API calls 97133->97135 97137 897620 22 API calls 97134->97137 97138 91b22f GetCurrentDirectoryW 97135->97138 97139 91b1ef 97136->97139 97140 91b13a 97137->97140 97141 91b23c 97138->97141 97142 897620 22 API calls 97139->97142 97143 897510 53 API calls 97140->97143 97146 91b275 97141->97146 97214 899c6e 22 API calls 97141->97214 97144 91b1f9 _wcslen 97142->97144 97145 91b14b 97143->97145 97144->97133 97144->97146 97147 897620 22 API calls 97145->97147 97153 91b287 97146->97153 97154 91b28b 97146->97154 97149 91b155 97147->97149 97151 897510 53 API calls 97149->97151 97150 91b255 97215 899c6e 22 API calls 97150->97215 97156 91b166 97151->97156 97159 91b2f8 97153->97159 97160 91b39a CreateProcessW 97153->97160 97217 9007c0 10 API calls 97154->97217 97161 897620 22 API calls 97156->97161 97157 91b265 97216 899c6e 22 API calls 97157->97216 97158 91b294 97218 9006e6 10 API calls 97158->97218 97220 8f11c8 39 API calls 97159->97220 97201 91b32f _wcslen 97160->97201 97165 91b170 97161->97165 97168 91b1a6 GetSystemDirectoryW 97165->97168 97173 897510 53 API calls 97165->97173 97166 91b2aa 97219 9005a7 8 API calls 97166->97219 97167 91b2fd 97171 91b323 97167->97171 97172 91b32a 97167->97172 97170 8afe0b 22 API calls 97168->97170 97175 91b1cb GetSystemDirectoryW 97170->97175 97221 8f1201 128 API calls 2 library calls 97171->97221 97222 8f14ce 6 API calls 97172->97222 97177 91b187 97173->97177 97174 91b2d0 97174->97153 97175->97141 97180 897620 22 API calls 97177->97180 97179 
91b328 97179->97201 97181 91b191 _wcslen 97180->97181 97181->97141 97181->97168 97182 91b3d6 GetLastError 97191 91b41a 97182->97191 97183 91b42f CloseHandle 97184 91b43f 97183->97184 97192 91b49a 97183->97192 97185 91b451 97184->97185 97186 91b446 CloseHandle 97184->97186 97189 91b463 97185->97189 97190 91b458 CloseHandle 97185->97190 97186->97185 97188 91b4a6 97188->97191 97193 91b475 97189->97193 97194 91b46a CloseHandle 97189->97194 97190->97189 97206 900175 97191->97206 97192->97188 97197 91b4d2 CloseHandle 97192->97197 97223 9009d9 34 API calls 97193->97223 97194->97193 97197->97191 97199 91b486 97224 91b536 25 API calls 97199->97224 97201->97182 97201->97183 97203 89762a _wcslen 97202->97203 97204 8afe0b 22 API calls 97203->97204 97205 89763f 97204->97205 97205->97129 97225 90030f 97206->97225 97210 89b578 97209->97210 97211 89b57f 97209->97211 97210->97211 97238 8b62d1 39 API calls _strftime 97210->97238 97211->97116 97213 89b5c2 97213->97116 97214->97150 97215->97157 97216->97146 97217->97158 97218->97166 97219->97174 97220->97167 97221->97179 97222->97201 97223->97199 97224->97192 97226 900321 CloseHandle 97225->97226 97227 900329 97225->97227 97226->97227 97228 900336 97227->97228 97229 90032e CloseHandle 97227->97229 97230 900343 97228->97230 97231 90033b CloseHandle 97228->97231 97229->97228 97232 900350 97230->97232 97233 900348 CloseHandle 97230->97233 97231->97230 97234 900355 CloseHandle 97232->97234 97235 90035d 97232->97235 97233->97232 97234->97235 97236 900362 CloseHandle 97235->97236 97237 90017d 97235->97237 97236->97237 97237->96848 97238->97213 97240 89aceb 23 API calls 97239->97240 97241 922af3 97240->97241 97242 922aff 97241->97242 97243 922b1d 97241->97243 97245 897510 53 API calls 97242->97245 97244 896b57 22 API calls 97243->97244 97248 922b1b 97244->97248 97246 922b0c 97245->97246 97246->97248 97249 89a8c7 22 API calls __fread_nolock 97246->97249 97248->97048 97249->97248 97251 8fdbdc GetFileAttributesW 97250->97251 97252 8fdc06 
97250->97252 97251->97252 97253 8fdbe8 FindFirstFileW 97251->97253 97252->97053 97253->97252 97254 8fdbf9 FindClose 97253->97254 97254->97252 97256 8a0206 97255->97256 97271 8a027e 97255->97271 97257 8e5411 97256->97257 97258 8a0213 97256->97258 97341 917b7e 348 API calls 2 library calls 97257->97341 97265 8a021d 97258->97265 97266 8e5435 97258->97266 97260 8e5405 97340 90359c 82 API calls __wsopen_s 97260->97340 97262 8e5466 97267 8e5493 97262->97267 97268 8e5471 97262->97268 97263 89ec40 348 API calls 97263->97271 97315 8a0230 ISource 97265->97315 97346 89a8c7 22 API calls __fread_nolock 97265->97346 97266->97262 97270 8e544d 97266->97270 97323 915689 97267->97323 97343 917b7e 348 API calls 2 library calls 97268->97343 97269 8a0405 97269->96863 97342 90359c 82 API calls __wsopen_s 97270->97342 97271->97263 97271->97269 97278 8e51b9 97271->97278 97289 8a03f9 97271->97289 97295 8a0344 97271->97295 97299 8e51ce ISource 97271->97299 97305 8a03b2 ISource 97271->97305 97276 8e5332 97276->97315 97339 89a8c7 22 API calls __fread_nolock 97276->97339 97336 90359c 82 API calls __wsopen_s 97278->97336 97281 8e568a 97284 8e56c0 97281->97284 97348 917771 67 API calls 97281->97348 97282 8e5532 97344 901119 22 API calls 97282->97344 97288 89aceb 23 API calls 97284->97288 97286 8e5668 97290 897510 53 API calls 97286->97290 97310 8a0273 ISource 97288->97310 97289->97269 97335 90359c 82 API calls __wsopen_s 97289->97335 97306 8e5670 _wcslen 97290->97306 97291 8e54b9 97330 900acc 97291->97330 97292 8e569e 97297 897510 53 API calls 97292->97297 97295->97289 97334 8a04f0 22 API calls 97295->97334 97309 8e56a6 _wcslen 97297->97309 97298 8e5544 97345 89a673 22 API calls 97298->97345 97299->97305 97299->97310 97337 90359c 82 API calls __wsopen_s 97299->97337 97300 8a03a5 97300->97289 97300->97305 97304 8e554d 97312 900acc 22 API calls 97304->97312 97305->97260 97305->97276 97305->97310 97305->97315 97338 8aa308 348 API calls 97305->97338 97306->97281 97308 89aceb 23 API calls 
97306->97308 97307 8a1310 348 API calls 97307->97315 97308->97281 97309->97284 97311 89aceb 23 API calls 97309->97311 97310->96863 97311->97284 97313 8e5566 97312->97313 97314 89bf40 348 API calls 97313->97314 97314->97315 97315->97281 97315->97310 97347 917632 54 API calls __wsopen_s 97315->97347 97316->96863 97317->96867 97318->96867 97319->96867 97320->96867 97321->96865 97322->96867 97324 9156a4 97323->97324 97329 8e549e 97323->97329 97325 8afe0b 22 API calls 97324->97325 97327 9156c6 97325->97327 97326 8afddb 22 API calls 97326->97327 97327->97326 97327->97329 97349 900a59 97327->97349 97329->97282 97329->97291 97331 8e54e3 97330->97331 97332 900ada 97330->97332 97331->97307 97332->97331 97333 8afddb 22 API calls 97332->97333 97333->97331 97334->97300 97335->97310 97336->97299 97337->97305 97338->97305 97339->97315 97340->97257 97341->97315 97342->97310 97343->97315 97344->97298 97345->97304 97346->97315 97347->97286 97348->97292 97350 900a7a 97349->97350 97351 900a85 97350->97351 97352 8afddb 22 API calls 97350->97352 97351->97327 97352->97351 97354 8fdf02 97353->97354 97355 8fdf19 97354->97355 97358 8fdf1f 97354->97358 97362 8b63b2 GetStringTypeW _strftime 97354->97362 97363 8b62fb 39 API calls _strftime 97355->97363 97358->96893 97359->96893 97360->96893 97361->96893 97362->97354 97363->97358 97364 8c8402 97369 8c81be 97364->97369 97368 8c842a 97374 8c81ef try_get_first_available_module 97369->97374 97371 8c83ee 97388 8c27ec 26 API calls _strftime 97371->97388 97373 8c8343 97373->97368 97381 8d0984 97373->97381 97380 8c8338 97374->97380 97384 8b8e0b 40 API calls 2 library calls 97374->97384 97376 8c838c 97376->97380 97385 8b8e0b 40 API calls 2 library calls 97376->97385 97378 8c83ab 97378->97380 97386 8b8e0b 40 API calls 2 library calls 97378->97386 97380->97373 97387 8bf2d9 20 API calls _free 97380->97387 97389 8d0081 97381->97389 97383 8d099f 97383->97368 97384->97376 97385->97378 97386->97380 97387->97371 97388->97373 97390 8d008d CallCatchBlock 

Control-flow Graph (entry block 8942de)
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 0089430D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,0092CB64,00000000,?,?), ref: 00894422
                                                                                                                                                                                                                                                                                                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00894429
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00894454
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00894466
                                                                                                                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00894474
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0089447B
                                                                                                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 008944A0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3290436268-3101561225

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed). Nodes in order: CreateStreamOnHGlobal (8942a2-8942ba), FindResourceExW (8942bc-8942d3), LoadResource (8d35ba-8d35c9), SizeofResource (8d35cf-8d35dd), LockResource (8d35e3-8d35ee), then block 8d35f4-8d3612; every block from FindResourceExW onward also has an edge to the common exit at 8942d9.
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008950AA,?,?,00000000,00000000), ref: 008942B2
                                                                                                                                                                                                                                                                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008950AA,?,?,00000000,00000000), ref: 008942C9
                                                                                                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35BE
                                                                                                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35D3
                                                                                                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(008950AA,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20,?), ref: 008D35E6
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00952224), ref: 008D2C10
                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00952224), ref: 008D2C17
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: runas
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 008FD52F
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008FD5DC
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,008D5222), ref: 008FDBCE
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 008FDBDD
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 008FDBEE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 008FDBFA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D09
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D10
                                                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 008B4D22
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 008ED28C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091B198
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1B0
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1D4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091B200
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B214
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B236
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091B332
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009005A7: GetStdHandle.KERNEL32(000000F6), ref: 009005C6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091B34B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091B366
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0091B3B6
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0091B407
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0091B439
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091B44A
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091B45C
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091B46E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0091B4E3
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 0089D807
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0089DA07
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB28
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0089DB7B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0089DB89
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB9F
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 0089DBB1
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2189390790-0

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00892D07
• RegisterClassExW.USER32(00000030), ref: 00892D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
• InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
• LoadIconW.USER32(000000A9), ref: 00892D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915

Control-flow Graph

APIs
  • Part of subcall function 008D039A: CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
• GetLastError.KERNEL32 ref: 008D076F
• __dosmaperr.LIBCMT ref: 008D0776
• GetFileType.KERNEL32(00000000), ref: 008D0782
• GetLastError.KERNEL32 ref: 008D078C
• __dosmaperr.LIBCMT ref: 008D0795
• CloseHandle.KERNEL32(00000000), ref: 008D07B5
• CloseHandle.KERNEL32(?), ref: 008D08FF
• GetLastError.KERNEL32 ref: 008D0931
• __dosmaperr.LIBCMT ref: 008D0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00893379
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0089356A
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008D318D
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008D31CE
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008D3210
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008D3277
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008D3286
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9c46cf13d1de025cff4a1427432119fd0918852e80365960d77f6a26be8b21ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 28b2afaf81e98b32615296baf8ab3e6081c5133bae45c7e4f4c5896b4e2a66f0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c46cf13d1de025cff4a1427432119fd0918852e80365960d77f6a26be8b21ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1571C0714187019EC714EF69EC82C6BBBE8FF95B40F44092EF585C32A0EB708A48DB52

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00892B8E
                                                                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00892B9D
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00892BB3
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A4), ref: 00892BC5
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A2), ref: 00892BD7
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00892BEF
                                                                                                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00892C40
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: GetSysColorBrush.USER32(0000000F), ref: 00892D07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: RegisterClassExW.USER32(00000030), ref: 00892D31
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: LoadIconW.USER32(000000A9), ref: 00892D85
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00892CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 23af842c03e8c5830eeea6cdf59829ea097ba2a58d5c38de74b6df0bf62aaab1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 782109B4E28314ABDB109FA5EC55E9D7FB4FB48B50F48001EE501A67A0D7F14640EF90

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0089316A,?,?), ref: 008931D8
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0089316A,?,?), ref: 00893204
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00893227
                                                                                                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0089316A,?,?), ref: 00893232
                                                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00893246
                                                                                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00893267
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 85dbc354e9583e27a8944e6655cf7c1c1c7427f6ea821a9dfa50be8d90f465b3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3a6925981b7f8a7f14ad14ecfbbb06f0ac2e985d85b9d33a8cd68b61d3fd401c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85dbc354e9583e27a8944e6655cf7c1c1c7427f6ea821a9dfa50be8d90f465b3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F41F731258208A7DF253BB89D0DB7D375AFB05345F0C012AF512D67B1CBA19A41A7A2

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
control_flow_graph (entry block 891410-891449; API calls on the graph: DestroyWindow, mciSendStringW, UnregisterHotKey, FindClose, FreeLibrary, VirtualFree, CoUninitialize)
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00891459
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE ref: 008914F8
                                                                                                                                                                                                                                                                                                                                                            • UnregisterHotKey.USER32(?), ref: 008916DD
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 008D24B9
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 008D251E
                                                                                                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 008D254B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: close all
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e74a7358a6a16d7fb9e13e5c888f3e6541db2f8585e459a7f38ccc4b9ea0ecea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 35e1daf44358ee6d9c0f71aa001b4afc0787b7cc3c33fa547ccbf9e19d044cb7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e74a7358a6a16d7fb9e13e5c888f3e6541db2f8585e459a7f38ccc4b9ea0ecea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CED17A306052128FDF29EF58D899A28F7A4FF15710F1942AEE54AEB352CB30AC12CF51

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
control_flow_graph (entry block 8fde27-8fde4a; API calls on the graph: WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup)
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab203b34192b9c27004248e6dd779b882d0344f59d4ba8068d2bf82a207f7ba6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5682750899a8b46527d3474a1d4530eb0cff5e51abe7764d22b7eab4247d3d00
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab203b34192b9c27004248e6dd779b882d0344f59d4ba8068d2bf82a207f7ba6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92110671904218ABCB30BB749C0AEEE77ADFF11715F010169F745EA192EF718A819A61

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 827 892c63-892cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00892C91
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00892CB2
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CC6
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CCF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 978 893b1c-893b27 979 893b99-893b9b 978->979 980 893b29-893b2e 978->980 981 893b8c-893b8f 979->981 980->979 982 893b30-893b48 RegOpenKeyExW 980->982 982->979 983 893b4a-893b69 RegQueryValueExW 982->983 984 893b6b-893b76 983->984 985 893b80-893b8b RegCloseKey 983->985 986 893b78-893b7a 984->986 987 893b90-893b97 984->987 985->981 988 893b7e 986->988 987->988 988->985
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B40
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B61
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B83
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 989 8ed3a0-8ed3a9 990 8ed3ab-8ed3b7 989->990 991 8ed376-8ed37b 989->991 993 8ed3c9 990->993 994 8ed3b9-8ed3c7 GetProcAddress 990->994 992 8ed292-8ed2a8 991->992 997 8ed2a9 992->997 995 8ed3ce-8ed3de 993->995 994->993 994->995 995->992 999 8ed3e4-8ed3eb FreeLibrary 995->999 997->997 999->992
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 008ED3BF
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 008ED3E5
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • Variable must be of type 'Object'., xrefs: 008E32B7
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 0089FE66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008D33A2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00893A04
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B32A4: RaiseException.KERNEL32(?,?,?,008B068A,?,00961444,?,?,?,?,?,?,008B068A,00891129,00958738,00891129), ref: 008B3304
                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00891B4A: RegisterWindowMessageW.USER32(00000004,?,008912C4), ref: 00891BA2
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0089136A
                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00891388
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 008D24AB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5b41b78a2b775e05ec0ca251360b0a7f890c8316d8e3332f35c1cec92e9db017
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d620dbd461a26656187f62bdc0be0d2c1a0ff9f6a06bcc9b71b5d8dd89a5b71
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b41b78a2b775e05ec0ca251360b0a7f890c8316d8e3332f35c1cec92e9db017
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD719EB89293018FCB94EF7EA945659BAE5FB8834475C812EE01BC7271EBB04441FF46
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00893A04
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008FC259
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 008FC261
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008FC270
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6dd7f2f48ef0ec329a65627a81660d453c7b5f1ec17ab1c2e7b152e821a0a0db
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 21d20694b62bce18437a5170261195a419c7d0bd5718d9bee1e17d384bbe80c2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dd7f2f48ef0ec329a65627a81660d453c7b5f1ec17ab1c2e7b152e821a0a0db
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA31507090434CAFEB329B748955BEABBECEB06308F04049AD69AA7241C7745B85DB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,008C85CC,?,00958CC8,0000000C), ref: 008C8704
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008C85CC,?,00958CC8,0000000C), ref: 008C870E
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 008C8739
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 35c035248079ffd473162e05b4480642cc588d6ffa3bdb1937ac82ec6d47ae49
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4455a974d03749d28d6183481873a8d493c017a93db1ac32bb241528dc2e726f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35c035248079ffd473162e05b4480642cc588d6ffa3bdb1937ac82ec6d47ae49
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE012F32645560A6D62462385C49F7F6775EB92778F35021DF814CB2D2DEB0DCC19151
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0089DB7B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0089DB89
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB9F
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 0089DBB1
                                                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 008E1CC9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: f9dd338e5dc12beefce4b45ecac8ec0f5fbe02f4a2cf4a5e75eaa5410fdf064b
• Instruction ID: 6fee235694796d97a6790c2d6d94b5fd0da2f401dd90345bf4cea248f06a700e
• Opcode Fuzzy Hash: f9dd338e5dc12beefce4b45ecac8ec0f5fbe02f4a2cf4a5e75eaa5410fdf064b
• Instruction Fuzzy Hash: 1FF05E706183809BEB30DB608C49FAA73ACFB45310F144A29E60AD30C0DB70A4899B25
APIs
• __Init_thread_footer.LIBCMT ref: 008A17F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: baab4343375a03806a5e21dc0d037e07fe92393aa659e4d110a8ff97eecff73f
• Instruction ID: 39f7d20a374ba6fdc236f09954c1bcec1e20a563a46046332b58b72099b3c0cf
• Opcode Fuzzy Hash: baab4343375a03806a5e21dc0d037e07fe92393aa659e4d110a8ff97eecff73f
• Instruction Fuzzy Hash: 6B228C706082419FEB14DF19C484A2ABBF1FF96354F18892DF496CB7A2D771E851CB82
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 84147e9dd8def57ad7e78960c034f05faa11317add86d9757d4354bdc076081c
• Instruction ID: e9a1be73fcc97ec560f598db135e85e2261575fd9b6ba518926595a230450477
• Opcode Fuzzy Hash: 84147e9dd8def57ad7e78960c034f05faa11317add86d9757d4354bdc076081c
• Instruction Fuzzy Hash: C532BE70A00605DFEF24DF59C885BAEB7A1FF06318F148529F916EB6A1D731AD40CB92
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008D2C8C
  • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
  • Part of subcall function 00892DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 0ed4b96ec2f376f98325954ae7161ed82275fbaccc16508ae0fcd50754671f65
• Instruction ID: c91f5a0d5cb40f5cf315136829a709ea0c671cc117148384939478fe7b9c2347
• Opcode Fuzzy Hash: 0ed4b96ec2f376f98325954ae7161ed82275fbaccc16508ae0fcd50754671f65
• Instruction Fuzzy Hash: A421C371A10258AFCF01EF98C845BEE7BF8FF48315F04405AE405E7341EBB45A498BA2
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 008ED375
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3545744682-893830106
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• timeGetTime.WINMM ref: 008AF661
  • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
• Sleep.KERNEL32(00000000), ref: 008EF2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
APIs
• __Init_thread_footer.LIBCMT ref: 0089BB4E
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
APIs
  • Part of subcall function 00894E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
  • Part of subcall function 00894E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
  • Part of subcall function 00894E90: FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EFD
  • Part of subcall function 00894E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
  • Part of subcall function 00894E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
  • Part of subcall function 00894E59: FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8b69a12b74fbf73204574a310d78d0e6325e19c693a9ea0a1735fd059f9da5e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e6d1266c9f54773a2ef5d36a5a908c7b38ecdc95044cdbf7dc929844049cdcbc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b69a12b74fbf73204574a310d78d0e6325e19c693a9ea0a1735fd059f9da5e9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F11E332610206AACF24BF68DC02FAD77A5FF40754F14842EF542E62D1EE709A069752
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a9b92e1c562d6b3542e86ac429d90e992d1faa678ce17fd50cc4528eba1f4b00
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a5083a7febc39ae3059187483c17c341bf574336568f2d1a24e197245a54617f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9b92e1c562d6b3542e86ac429d90e992d1faa678ce17fd50cc4528eba1f4b00
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1911067590410AEFCB09DF58E941E9A7BF9FF48314F154069F808EB312DA31DA118BA5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C4C7D: RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C506C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 800f1f7c456e79f56497951ae311af87e7a36e2de5bd512f15f5061af29902c0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A012672204B046BE721CE699881F5AFBF8FB89370F25051DE584C32C0EA30E845C6B4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 236fea34805a80266800176e8e5155fe3b2efefbbcda6b351d84c8fb41a8b388
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFF06D32511A14AED6312A6D9C05FDA27A8FF62335F100619F925D23D2DA74E805C6A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 25384aaacff44599c3c2433ed6397a438204bdd454abe9cf8238d0f3b3d78cc1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f36917f3ed5f5642b8eae424ddf131f7450b4de76af5236e8e680b7d08e47aff
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25384aaacff44599c3c2433ed6397a438204bdd454abe9cf8238d0f3b3d78cc1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9F0243160622467DB201F269C16F9A37A8FF403B0B046119FC05E62A1CAB0D84042E0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e15aabee7f0bb796454bc579a3ce4538746a1ccb5e24f49a774eee475aa23e54
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 592a268a774d07c1c6a910e22b1cf780f33aa0ee79b99d2f2defffefe2a13e65
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e15aabee7f0bb796454bc579a3ce4538746a1ccb5e24f49a774eee475aa23e54
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEE0E53110822457E6312A6A9C02FDA3778FB427B0F058038BC15D2692CB70DE0385E1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894F6D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 39bb8375506e9b740dfd34883b87de1cf7188290e5e5cbcc4081d5cd7fa63afc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7542eecfd74a6ae9487c1846a06ffbf89a5899d8ff3738e22445fde5df442b6e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39bb8375506e9b740dfd34883b87de1cf7188290e5e5cbcc4081d5cd7fa63afc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FF015B1109752CFDB34AF64D494C66BBE4FF143293289A6EE1EAC2621CB319845DB10
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00922A66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5d794e7c05b90300d0257439a579b175334b0082031c73221653184d262b88b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: aa5fa0a211dea0612f0ae67b717935d25007c3c7b3e8d5ecd2d40c1b5f06e6b2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d794e7c05b90300d0257439a579b175334b0082031c73221653184d262b88b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16E0DF3235422ABAC710EB30EC809FE734CEB543907100536AC16C2590DB34998182A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: aeb6b2a8347423c4c856e98b3b5d9350afb559f579edec67031cf192d6714624
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b2ae2000cba55576ddd15721df82509998a945e6a00fab1e727aa7277b30d08f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aeb6b2a8347423c4c856e98b3b5d9350afb559f579edec67031cf192d6714624
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F0A7709183049FEB52AB24DC45BDA7BFCB701708F0400E9E149D6391D7B05788DF81
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9e9a83864cb6431eb5bb39d28425194e25c5b646d4edc222299dca02119108fd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 22dae07b4a1793604007a3ca8e436f36228cf0272beddce6e0b419be6a5024a0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e9a83864cb6431eb5bb39d28425194e25c5b646d4edc222299dca02119108fd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4E0CD726041245BCB20A39CDC05FDA77DDEFC8790F040171FD09D7248ED60ED848551
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f06e02803a0524bb4e4f2f6ff81353edeca4508b7005711d0a38faf5629ddfa
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b98a53f69119ddb04c254cc7230c53cc1c5707674e02e5c28968940bd2ead9e8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f06e02803a0524bb4e4f2f6ff81353edeca4508b7005711d0a38faf5629ddfa
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEE0862130434416CE18BB7D985257DA799FBD5351F4C153EF146D3172DE6445454253
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008FDF40
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0f418ffacbabf301a73c62046cb2b988ec9bedc01769dfc980fa15491618451e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a920c655ee2584f57897da425de8bdc80769100d59cc9c2649cdf7cfaf7d049a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f418ffacbabf301a73c62046cb2b988ec9bedc01769dfc980fa15491618451e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27D05EE2A002282BDF60B6749C0DDFB3AACD740220F0006A0786DD3152F920DE4586B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00891CBC
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0092961A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0092965B
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0092969F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009296C9
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 009296F2
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0092978B
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000009), ref: 00929798
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009297AE
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 009297B8
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009297E9
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00929810
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001030,?,00927E95), ref: 00929918
                                                                                                                                                                                                                                                                                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0092992E
                                                                                                                                                                                                                                                                                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00929941
                                                                                                                                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 0092994A
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 009299AF
                                                                                                                                                                                                                                                                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009299BC
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009299D6
                                                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 009299E1
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00929A19
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00929A26
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00929A80
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00929AAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00929AEB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00929B1A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00929B3B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00929B4A
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00929B68
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00929B75
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00929B93
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00929BFA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00929C2B
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00929C84
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00929CB4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00929CDE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00929D01
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00929D4E
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00929D82
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00929E05
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4813a71111500988038904f46280012160892ce3022712ce4ccc4c092347e004
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E242DD70208211AFDB24CF28EC44EAABBE9FF49314F140A1DF699872A4D731E851DF52
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009248F3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00924908
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00924927
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0092494B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0092495C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0092497B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009249AE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009249D4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00924A0F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A56
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A7E
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00924A97
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924AF2
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924B20
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00924B94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00924BE3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00924C82
                                                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00924CAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924CC9
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00924CF1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00924D13
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924D33
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00924D5A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                            • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 65dc250eaf42fcc61f9d2c22a7ff77f58e7a8832ef1639aca0b74d9b04d1ba84
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00e3a2984b55572b9fe2dc53d9598838d605c742406f20c8362de4444b75b01f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65dc250eaf42fcc61f9d2c22a7ff77f58e7a8832ef1639aca0b74d9b04d1ba84
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9212F171600225ABEB248F28EC49FAE7BF8FF85710F104529F516EB2E5DB789941CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 008AF998
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008EF474
                                                                                                                                                                                                                                                                                                                                                            • IsIconic.USER32(00000000), ref: 008EF47D
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000009), ref: 008EF48A
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 008EF494
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4AA
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008EF4B1
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4BD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4CE
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4D6
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 008EF4DE
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 008EF4E1
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF4F6
                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 008EF501
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF50B
                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 008EF510
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF519
                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 008EF51E
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF528
                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 008EF52D
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 008EF530
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 008EF557
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d55460cdbaedcab1cb441cb2fbc0c6ad2cb1090a77230e2aa4850ff5a608461
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D53130B1A54218BAEB316BB65C4AFBF7E6CFB45B50F100065FA01E61D1C6B19901BBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
                                                                                                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 008F1286
                                                                                                                                                                                                                                                                                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008F12A8
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008F12B9
                                                                                                                                                                                                                                                                                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008F12D1
                                                                                                                                                                                                                                                                                                                                                            • GetProcessWindowStation.USER32 ref: 008F12EA
                                                                                                                                                                                                                                                                                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 008F12F4
                                                                                                                                                                                                                                                                                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 008F1310
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10BF: CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b359e1ddcdeae957f8428d2d51d3f11b18c1ff1e5f2cf146ed30dabf003b7ea9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a6ae81dcb3d6b9ae1f8e9f51531b02ecb589c112b293cdad1d7f72fd99b0343c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b359e1ddcdeae957f8428d2d51d3f11b18c1ff1e5f2cf146ed30dabf003b7ea9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 608188B1900209EBDF249FA8CC89BFE7BBAFF44704F144129FA11E62A1D7308955DB65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0BCC
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0C00
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 008F0C17
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 008F0C51
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0C6D
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 008F0C84
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0C8C
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008F0C93
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0CB4
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 008F0CBB
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D45
• HeapFree.KERNEL32(00000000), ref: 008F0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D55
• HeapFree.KERNEL32(00000000), ref: 008F0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D65
• HeapFree.KERNEL32(00000000), ref: 008F0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008F0D78
• HeapFree.KERNEL32(00000000), ref: 008F0D7F
  • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
  • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
  • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 3273f70116be7978fe8e1d29911112cc4e5e17182c002ec48db7ae0513357611
• Instruction ID: 8ead7a390e6ac9483ddd1f21660ab863d80b75e5e3f9e38af61572c3d40a6a70
• Opcode Fuzzy Hash: 3273f70116be7978fe8e1d29911112cc4e5e17182c002ec48db7ae0513357611
• Instruction Fuzzy Hash: 52714BB190420EAFDF209FA4DC45BBEBBB9FF04300F144615EA14E6192D775A906DFA0
APIs
• OpenClipboard.USER32(0092CC08), ref: 0090EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0090EB37
• GetClipboardData.USER32(0000000D), ref: 0090EB43
• CloseClipboard.USER32 ref: 0090EB4F
• GlobalLock.KERNEL32(00000000), ref: 0090EB87
• CloseClipboard.USER32 ref: 0090EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0090EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0090EBC9
• GetClipboardData.USER32(00000001), ref: 0090EBD1
• GlobalLock.KERNEL32(00000000), ref: 0090EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0090EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0090EC38
• GetClipboardData.USER32(0000000F), ref: 0090EC44
• GlobalLock.KERNEL32(00000000), ref: 0090EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0090EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0090ECF3
• CountClipboardFormats.USER32 ref: 0090ED14
• CloseClipboard.USER32 ref: 0090ED59
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 9048e19f288e93fbede0535f15b1d7e222f90ee9707be114ed568965599dc440
• Instruction ID: 06468242b05d62336b0aa1172c376154ce933b29569b021ea41e497768a597d3
• Opcode Fuzzy Hash: 9048e19f288e93fbede0535f15b1d7e222f90ee9707be114ed568965599dc440
• Instruction Fuzzy Hash: 4861AE752082029FD710EF28D895F2A77A8FF84704F18491DF496D72E1DB31E946DBA2
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009069BE
• FindClose.KERNEL32(00000000), ref: 00906A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A75
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00906AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00906ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2783f8369899f9ff4257ff579e11e2332935a968bf793d62b2a3b93f0dd45f70
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BD13DB2508300AEC714EBA8C881EABB7ECFF98704F44491DF595D6191EB74DA44CB63
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00909663
• GetFileAttributesW.KERNEL32(?), ref: 009096A1
• SetFileAttributesW.KERNEL32(?,?), ref: 009096BB
• FindNextFileW.KERNEL32(00000000,?), ref: 009096D3
• FindClose.KERNEL32(00000000), ref: 009096DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 009096FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0090974A
• SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 00909768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00909772
• FindClose.KERNEL32(00000000), ref: 0090977F
• FindClose.KERNEL32(00000000), ref: 0090978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
• Instruction ID: d800dfdb194ec595b4273aec75985798057a7268eac5e734f9a91fcad8cf6507
• Opcode Fuzzy Hash: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
• Instruction Fuzzy Hash: F1310272545219AECF20EFB4EC09ADE77ACAF49321F104155F814E31E1DB31DE458B50
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 009097BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00909819
• FindClose.KERNEL32(00000000), ref: 00909824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00909840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00909890
• SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 009098AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009098B8
• FindClose.KERNEL32(00000000), ref: 009098C5
• FindClose.KERNEL32(00000000), ref: 009098D5
  • Part of subcall function 008FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008FDB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
• Instruction ID: 694e555a289080af42f0f75ce0f9eae0a45f05e4d7056f327ab9fca92be8527d
• Opcode Fuzzy Hash: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
• Instruction Fuzzy Hash: C931E3725456196EDB20EFB4EC48ADE37ACEF46324F108555ED10E32E1DB30D9458B60
APIs
  • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
  • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
• FindFirstFileW.KERNEL32(?,?), ref: 008FD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 008FD1DD
• MoveFileW.KERNEL32(?,?), ref: 008FD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD237
  • Part of subcall function 008FD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,008FD21C,?,?), ref: 008FD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 008FD253
• FindClose.KERNEL32(00000000), ref: 008FD264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cc266ce45e32795b74c46572081266bed63b283d3acf38afe75e7e752ed8618f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a8feb917be64c69676694ace2046f49cb61d543fc505f8fc6f0e81d8c613e4cf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc266ce45e32795b74c46572081266bed63b283d3acf38afe75e7e752ed8618f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45615B3180520D9ACF15EBA8C9929FDB7B6FF15300F244169E611B7191EB30AF09DBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c7f370511ca35619562d8186c829ab20022e9c5b620b53a21289ff0ec192a333
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b147001cbcaba10bdcde89d8cff23e3297f0c30a0bbd9714f7b2f97fad4e74d2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7f370511ca35619562d8186c829ab20022e9c5b620b53a21289ff0ec192a333
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D419D75208611AFD720DF15E888F19BBE5FF44318F18C499E41A8B6A2C775EC42CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
                                                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 008FE932
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1416761e4ed485ebc92b4cf1da17e9a01d69d29e12ed4c3c102160d7a3e84e75
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab336dfda560312aebb030cc8e95c9bb84bd2c0edf407dc63b68b8cdaac4a783
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1416761e4ed485ebc92b4cf1da17e9a01d69d29e12ed4c3c102160d7a3e84e75
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5901267272021CABEB246BB89C8AFBF769CFB14745F140521FE02E21E1E9E05C4092F0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00911276
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00911283
                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 009112BA
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 009112C5
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 009112F4
                                                                                                                                                                                                                                                                                                                                                            • listen.WSOCK32(00000000,00000005), ref: 00911303
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 0091130D
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 0091133C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5526a853660c60f779a0cd1b06fe1e6799113a23503940eedf3bbc18cd82afbd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1ca1a20a0a8f40f7aad1cd102dba08ff8e064d29319ec89850b4d5fab313381b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5526a853660c60f779a0cd1b06fe1e6799113a23503940eedf3bbc18cd82afbd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF41A071600144AFD720DF28C488B69BBE5BF46318F188488E9668F296C771ECC2CBE1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CB9D4
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CB9F8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CBB7F
                                                                                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00933700), ref: 008CBB91
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,0096121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008CBC09
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00961270,000000FF,?,0000003F,00000000,?), ref: 008CBC36
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CBD4B
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c818d0e14a3b365848978bb1bdaca10b4ff346b7eb6187043a8da6d5445da13d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1a3b8c324f589b32906d69aca8e12af8548409279600faaf13ac5564a7d450ba
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c818d0e14a3b365848978bb1bdaca10b4ff346b7eb6187043a8da6d5445da13d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28C11671904A58AFCB249F789C52FAA7BB8FF41360F1841AEE491D7291EB30CE41DB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 008FD420
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD470
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD481
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 008FD498
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 008FD4A1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9a1e23ba25e6635c9c89efb038ae711dfe98280e0a3e9e41ffd0f011c96f158d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ff9cb0bf80bb69b22723e37cd65236eb6346b8c90431ea6ef479844afd733f39
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a1e23ba25e6635c9c89efb038ae711dfe98280e0a3e9e41ffd0f011c96f158d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B316D710183459BC714FF68D8918BFB7A8FEA1304F484A2DF5E5D3191EB20EA0997A7
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cc197b249716cc5abe6e400222a34c5d60ff381dbac5a0950f7ce0859bb182a3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f0c6d1d3a11715df4b10b0643bc3036199989e2c1f0edbfebfc07b024652ad44
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc197b249716cc5abe6e400222a34c5d60ff381dbac5a0950f7ce0859bb182a3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2C21971E086288FDB25CE289D40BEAB7B6FB48315F1541EED54DE7241E774AE818F40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009064DC
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00906639
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 00906650
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 009068D4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f9e8ffe15e75f563a0830082a6ee27d33da403c548dc0e6d6252dad2742ac12
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 28791d021bef899f73c4e7fc557aa62baa9867efa2b81dee04b9cf514bd16428
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f9e8ffe15e75f563a0830082a6ee27d33da403c548dc0e6d6252dad2742ac12
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EED13971508201AFC714EF28C881D6BB7E9FF94704F44496DF595CB291EB71E909CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 009122E8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0090E4EC: GetWindowRect.USER32(?,?), ref: 0090E504
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00912312
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00912319
                                                                                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00912355
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00912381
                                                                                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009123DF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 74574ddbeff6d6bdbf6cf66ca01a06cf764c928cbfcc50f1b111749290f95d92
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 854b4648990de76f77df961e277c3f390c31b18d6a49f885a3097731aa95e7a9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74574ddbeff6d6bdbf6cf66ca01a06cf764c928cbfcc50f1b111749290f95d92
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0231D072608319AFC720EF14C849F9BBBA9FF84710F000919F995D7191DB34EA5ACB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00909B78
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00909C8B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00903874: GetInputState.USER32 ref: 009038CB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00903874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00909BA8
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00909C75
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0ec7b3a038fe2f1921fa9837fe4047f69c12eb082cd1d3326f55d9a113e4115f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 916f5d5ec7c1320197047e399e0889a4fca7ff2a5565f83b6c9e82477bcf2f80
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ec7b3a038fe2f1921fa9837fe4047f69c12eb082cd1d3326f55d9a113e4115f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D418071D4421A9FDF14EF68C845AEE7BB8FF15310F244056E849A22D2EB309E44CF61
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 008A9A4E
• GetSysColor.USER32(0000000F), ref: 008A9B23
• SetBkColor.GDI32(?,00000000), ref: 008A9B36
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
APIs
  • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
  • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0091185D
• WSAGetLastError.WSOCK32 ref: 00911884
• bind.WSOCK32(00000000,?,00000010), ref: 009118DB
• WSAGetLastError.WSOCK32 ref: 009118E6
• closesocket.WSOCK32(00000000), ref: 00911915
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ac8de6d5751c08d174887cfb27fcb19f4f3a1e8524b9075baa1eef93836b61d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e56f3e64c12c241e5aec752adfe5da48f59f75d29f6f045026d2822a6b346256
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac8de6d5751c08d174887cfb27fcb19f4f3a1e8524b9075baa1eef93836b61d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02A26D71A0061ECBDF24DF58C8407AEB7B1FB55314F2882AAE815EB385EB309D91CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 008FAAAC
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 008FAAC8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 008FAB36
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 008FAB88
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b2bced905e3c03ed5d45978b31f0ede3f0d71d43f90768e8e4142f957c7164ff
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 76b3e9e8d2c6ca87b403c5bb73ecb3b10c12d0f07d7802bef059be9f3049476f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2bced905e3c03ed5d45978b31f0ede3f0d71d43f90768e8e4142f957c7164ff
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2831E7B0A4025CAEFB398A78CC05BFA7BA6FB44330F14421AF689D61D1D3758985D762
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0090CE89
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0090CEEA
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0090CEFE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 97bc2759aa5709e000377189aed3d08520e9ebc063e68b3aa48d3426a34c2e06
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b3fd1c177c8d532abfc33faac7b423935fc1a0400ab58c61b51b3e986c4884af
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97bc2759aa5709e000377189aed3d08520e9ebc063e68b3aa48d3426a34c2e06
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB21ACB1504705EFDB30DF65C988BAA77FCEB40314F204A2AE646D2191E774EE059B50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008F82AA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ($|
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6b8338938c18764c3d9a8a1e620616d9056195e38dd64f5d96d382cea0cd4fa
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 76209af99be81a668ecae30474fdd241f644ad2611ad0dc1ca76ca4521435a68
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6b8338938c18764c3d9a8a1e620616d9056195e38dd64f5d96d382cea0cd4fa
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C323475A00609DFCB28CF69C481A6AB7F0FF48710B15C56EE59ADB7A1EB70E941CB40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00905CC1
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00905D17
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00905D5F
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 008C271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 008C2731
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009051DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00905238
• SetErrorMode.KERNEL32(00000000), ref: 009052A1
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
• GetLastError.KERNEL32 ref: 008F174A
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 008FD645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD650
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008F168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008F16A1
• FreeSid.ADVAPI32(?), ref: 008F16B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
Strings
Similarity
• API ID:
• String ID: /
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00906918
• FindClose.KERNEL32(00000000), ref: 00906961
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008FB25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 008FB270
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
• CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • Variable is not of type 'Object'., xrefs: 008E0C40
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1aaf6972311d17e45b8225992bdf519e567293f61e4eb577f6e1aad7857af5df
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 33a3508804177a6c6c691a5a4871062159bce6c7a6903618e073e2af9c69a583
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1aaf6972311d17e45b8225992bdf519e567293f61e4eb577f6e1aad7857af5df
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4932AF70900218DBDF14EF94C884AEDB7B5FF05308F284469E806EB282DBB6AD45CF61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008C6766,?,?,00000008,?,?,008CFEFE,00000000), ref: 008C6998
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab1074be47311f34f96de73b8e98b033f2ebbeccf47b90006461de312ee77244
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3ebf78dd3ce3ceaae0b3e6bc00695da5c9bf64f1c53ce18cab245bbf387b50b3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab1074be47311f34f96de73b8e98b033f2ebbeccf47b90006461de312ee77244
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0B139316106099FD715CF28C486F657BB0FF45368F29866CE89ACF2A2D335E9A5CB40
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3796aedafd440bc82f86346223dd0c0d304e35e8c267220519dcb2b37a84de7c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6124F71900229DFDB24CF59C8806AEB7F5FF49710F14819AE849EB256EB349E81CF94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0090EABD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 94a5900aacd18900c96d8b49605da666cc9443bccb11b0bed56fcbaf1c4a1e67
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32E01A362102049FC710EF59E804E9AB7E9FF98760F048816FC49C72A1DAB0A8418BA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008B03EE), ref: 008B09DA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 012cbcde61fd796d938ca59ca2388a08b1776bc3aecc37c4f8d2048ced31be03
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6d2279e781342056ee57ff26188913dddb2e7bdb7da84e4abbe3da2c5e0eec55
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C519B7160C74A9BDB38453C885E7FE2B89FBD2344F180539D882D7782CA19EE01D35A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8d560dcac462a700ae4688b08ac2230056c0cef57f0b33cf0e9b9f58c8961718
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE320F22D2DF014DD7239634D822336A659EFB73D5F15C32BE82AB5AA5EB39C4835900
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d32a5fdeeccd8ab0ef37509fc4a300decb05b76483749c6cd5c985d7e2bbad37
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89321732E041998BDF28CF2BC49067D7BA1FB47324F28856AD95ACB691D230DD83DB41
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 91b1b67d85e66a49b131e8246e4282ae46377ffe05419bf902f1a1d6a6d4eb1b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c491e26ebc7e5bd415a6b74a87320e60fdc13adf04f9fcea5d68da108b1f5524
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91b1b67d85e66a49b131e8246e4282ae46377ffe05419bf902f1a1d6a6d4eb1b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE22BEB0A04609DFDF14DFA9D881AAEB7F6FF44314F14462AE812E7391EB35A910CB51
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 33514e6f2e2b9de4076112febda6da833f88819f10c4aaf5e4da07e68a2d2baa
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d484b55bb4d79ddd7781b6bb5ccbf6ac4248348740b70de72a7becdb179fd87d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33514e6f2e2b9de4076112febda6da833f88819f10c4aaf5e4da07e68a2d2baa
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A202D7B0A10219EBDF05EF58D881AADB7B1FF44304F548169E456DF391EB31EA20CB91
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a58a3c8cbae874bd564fbba1771193ebed21fdcc09031891d44a14a1ce89c9bb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF9156722080E349DF694639857C0BEFFE1EA523A139E079DD4F2CE2C5EE14D554D620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 63f1cfeffacc0a6747ac0c4b8d917134d2e75d1e2f763da6c61d38343762c689
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 149154722090E34ADF69427A857C0BEFFE1EA923B139A079DD4F2CE2C5FE14D5549620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7ae6cc7b58c6c28d904a2e26dd8197dd76d168f410db86e762759649db0ffa11
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07616671208719A6DE749A2C8CA5BFF2398FFC1764F20191EE942DB3D1DA119E42CB16
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 48b617adbdd8b1505ab4ef645723e9ff8f4ee989caa062fe37450df4f647a370
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76617A7120C70996DE385A2C88A5BFF2398FFC2B84F180959E943DF795DA12ED42C356
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fcadcee6f49d448664cdaf79c6668415630b8200b5349d4cd2ff63dcaa3b0ec2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 138164326080E349DF694239857C4BEFFE1FA923A139A07ADD4F2CF2C5EE149554D620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eb4c0d34cdde56328c94cd2e4a54748b477d94b11493ccef1fec1bd8aa2a9796
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1421B7326206158FD728CF79C82767E73E9A754310F25862EE4A7C37D0DE75A904DB80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00912B30
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00912B43
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00912B52
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00912B6D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00912B74
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00912CA3
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00912CB1
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912CF8
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00912D04
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00912D40
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D62
                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D75
                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D80
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00912D89
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912D98
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00912DA1
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912DA8
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00912DB3
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912DC5
                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0092FC38,00000000), ref: 00912DDB
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00912DEB
                                                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00912E11
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00912E30
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00912E52
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0091303F
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 236a69fa122e8138ea4f3c503ecb13bfaf77b54c38258eeaf0d98131353ea22d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6a34a2e13e29c24537a9c7d5ab03c4f1cf578e49551fc246d7933bc1cd0af82e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 236a69fa122e8138ea4f3c503ecb13bfaf77b54c38258eeaf0d98131353ea22d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A026BB1A14209EFDB14DF64DD89EAE7BB9FB48310F048158F915AB2A1CB70AD41DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0092712F
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00927160
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 0092716C
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00927186
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00927195
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 009271C0
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 009271C8
                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 009271CF
                                                                                                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 009271DE
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 009271E5
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00927230
                                                                                                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00927262
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00927284
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: GetSysColor.USER32(00000012), ref: 00927421
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: SetTextColor.GDI32(?,?), ref: 00927425
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: GetSysColorBrush.USER32(0000000F), ref: 0092743B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: GetSysColor.USER32(0000000F), ref: 00927446
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: GetSysColor.USER32(00000011), ref: 00927463
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: SelectObject.GDI32(?,00000000), ref: 00927482
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: SetBkColor.GDI32(?,00000000), ref: 0092748B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: SelectObject.GDI32(?,?), ref: 00927498
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 009273E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e78e2e119d7f44cc15cb48d05f47a883fbfd405139f597cd12cc79833588219b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ce342e66122ec6de006d848220b6ba6b493ef8fb8639ae98a8f7374140b6f674
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e78e2e119d7f44cc15cb48d05f47a883fbfd405139f597cd12cc79833588219b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5FA190B201C311AFDB109FA0EC48E5EBBA9FF49320F100A19F962A61E1D774E945DB52
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 008A8E14
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 008E6AC5
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008E6AFE
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008E6F43
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 008E6F7F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008E6F96
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FAC
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FB7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ae516595d331af60aeaebcbfebaada2b3390f89de47b2572a260aef830f6e055
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 63f3f34c89e337fd1cbf0e886da772ce1c81f66a986b453117a5863f75425861
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae516595d331af60aeaebcbfebaada2b3390f89de47b2572a260aef830f6e055
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE12AD30208281DFDB25CF15D844BA9B7A1FF66350F184469F485CB661DB32EC62EF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 0091273E
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0091286A
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009128A9
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009128B9
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00912900
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 0091290C
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00912955
                                                                                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00912964
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00912974
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00912978
                                                                                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00912988
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00912991
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 0091299A
                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009129C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 009129DD
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00912A1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00912A31
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00912A42
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00912A77
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00912A82
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00912A8D
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00912A97
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1189a7a8d250b225ae9efacca6a4240f086f4bdd61c21f668d99fbdac3350a4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 995211b429da630368ffd87eed4e7dd97584aa1033c04927ad18faf1c1c89407
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1189a7a8d250b225ae9efacca6a4240f086f4bdd61c21f668d99fbdac3350a4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92B15CB1A10219AFEB24DF68DC4AFAE7BA9FB48710F044118F915E72A0D770ED40DB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00904AED
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,0092CB68,?,\\.\,0092CC08), ref: 00904BCA
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,0092CB68,?,\\.\,0092CC08), ref: 00904D36
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00927421
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00927425
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0092743B
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00927446
                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(?), ref: 0092744B
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 00927463
                                                                                                                                                                                                                                                                                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00927482
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0092748B
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00927498
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
                                                                                                                                                                                                                                                                                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0092752A
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00927554
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00927572
                                                                                                                                                                                                                                                                                                                                                            • DrawFocusRect.USER32(?,?), ref: 0092757D
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 0092758E
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00927596
                                                                                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(?,009270F5,000000FF,?,00000000), ref: 009275A8
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 009275BF
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 009275CA
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 009275D0
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 009275D5
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 009275DB
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 009275E5
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00921128
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0092113D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00921144
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00921199
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 009211B9
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009211ED
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0092120B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0092121D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00921232
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00921245
                                                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 009212A1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009212BC
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009212D0
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 009212E8
                                                                                                                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 0092130E
                                                                                                                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00921328
                                                                                                                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 0092133F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 009213AA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 009202E5
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0092031F
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920389
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009203F1
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920475
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009204C5
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00920504
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008F2258
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 008F228A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A8968
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 008A8970
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A899B
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 008A89A3
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 008A89C8
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008A89E5
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008A89F5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008A8A28
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008A8A3C
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 008A8A5A
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 008A8A76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 008A8A81
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A912D: GetCursorPos.USER32(?), ref: 008A9141
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A912D: ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,008A90FC), ref: 008A8AA8
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0DF5
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0E29
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 008F0E40
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 008F0E7A
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0E96
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 008F0EAD
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0EB5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008F0EBC
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0EDD
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 008F0EE4
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0F13
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0F35
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0F47
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F6E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F0F75
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F7E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F0F85
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F8E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F0F95
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 008F0FA1
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F0FA8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 346d028c4e716a875ef0bd238261e3827b7df75ccb81dbc3e5ca946c324ccf8a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D37139B290420AAFDF209FA4DC49FBEBBB8FF04310F144115EA59E6192DB719916CF60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091C4BD
                                                                                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0092CC08,00000000,?,00000000,?,?), ref: 0091C544
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0091C5A4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091C5F4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091C66F
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0091C6B2
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0091C7C1
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0091C84D
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0091C881
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0091C88E
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0091C960
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 66835be0a88313c552582b700d748a85c11469d8e59afbaf105772fd67d44722
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dbb2e28134e274bb5fdd9c027fb076d65ed725687d9e2654d6c773893121d939
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66835be0a88313c552582b700d748a85c11469d8e59afbaf105772fd67d44722
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA124E757082019FDB14EF18C491A6AB7E5FF88714F19885CF85A9B3A2DB31ED41CB82
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 009209C6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920A01
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00920A54
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920A8A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920B06
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00920B81
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008F2BFA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3a3d0072712252ec30bb009527a60a4b11981c01be3b9fc4e04fc1af7647eafc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 36851e93b13d0700d3903be91444e3b69286c06b4e12eae5e0faf36805e16609
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a3d0072712252ec30bb009527a60a4b11981c01be3b9fc4e04fc1af7647eafc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72E19A312083118FCB24EF29D45092AB7E5FFD8314B54895CF8969B7A6D731EE49CB82
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ac290968f3646a4b90f5715363c90e5db829b235ab604cfe340a24e6a5c56997
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5f11c8b97a21faa24205c1577a50a044a91b56d019108500f3e60ded3e626a51
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac290968f3646a4b90f5715363c90e5db829b235ab604cfe340a24e6a5c56997
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF7102B278412E8BCB20DEAC99415FF3399AF60750B250528FC66E7285E634CEC4C3A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0092835A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0092836E
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00928391
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009283B4
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009283F2
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00925BF2), ref: 0092844E
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928487
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009284CA
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928501
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 0092850D
                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0092851D
                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,00925BF2), ref: 0092852C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00928549
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00928555
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1a150d607e0e99131ebd882663a1d5f2aa23efc7a76d8f7f58d20cb674d40e3a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7261CDB1514225BAEB24DB64EC42FBF77ACFF08B11F104509F815D61E1DB74AA80D7A0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: efc3f1933d614f18550d98b44bc4f506a7e32bef9ac8ec25b94ee21951bf5611
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d75b6f5fcbd025d37724ca87dc5a30abf8feb1e8b6a047119b24522217bfed0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efc3f1933d614f18550d98b44bc4f506a7e32bef9ac8ec25b94ee21951bf5611
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97811671610205BBDF20BF68DC42FAE37A9FF55304F084026F904EA296EB70D911C792
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 008F5A2E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008F5A40
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 008F5A57
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 008F5A6C
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 008F5A72
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 008F5A82
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 008F5A88
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008F5AA9
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008F5AC3
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008F5ACC
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008F5B33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 008F5B6F
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 008F5B75
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 008F5B7C
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 008F5BD3
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 008F5BE0
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 008F5C05
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 008F5C2F
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 400b6b9a59771327a1c361cbb33ce9148dcf448a82912c5d589fce6643a3d877
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 027f927f3aedcbec47dc18534339ade6e1164135eaa46213bafcdb2ba8e01b2e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 400b6b9a59771327a1c361cbb33ce9148dcf448a82912c5d589fce6643a3d877
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B717C71900B09AFDB20DFB8CE89AAEBBF5FF48714F104918E642E25A0D775E944DB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008B00C6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0096070C,00000FA0,B2C5952C,?,?,?,?,008D23B3,000000FF), ref: 008B011C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0127
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0138
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008B014E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008B015C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008B016A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B0195
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B01A0
                                                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 008B00E7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 008B0162
                                                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008B0122
                                                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 008B0154
                                                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 008B0148
                                                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 008B0133
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 11d064739a0c6e0695680c60dc5d59ba7604917685a10e1e62206854ac734a2e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a09372293641f23204d03a27e1c9ba25eb601ea3e35ee715373768b483376e57
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11d064739a0c6e0695680c60dc5d59ba7604917685a10e1e62206854ac734a2e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B213872A5C7116FE7246BA8AC46BAF33A4FB85B55F000539F901E73D2DBB09C009E91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4396c42767ef1b9ab9ad895d2779f8f66fa55ea78c503fcbf092cb4dfc1e90c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 59a2f8f0fc1a7f0d61cc5cfecd575cdba3a9e972c4962071f472faf3dedca110
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4396c42767ef1b9ab9ad895d2779f8f66fa55ea78c503fcbf092cb4dfc1e90c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03E1D732A0061EABCB24DFB8C4516FEBBB4FF54714F548119EA56F7241DB30AE858790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,0092CC08), ref: 00904527
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0090453B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00904599
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009045F4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0090463F
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009046A7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00956BF0,00000061), ref: 00904743
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ce5ff6729f6efbcc60a076c76038ec6007039c9c267e8913c8acd159ebc1937e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6597a32d29ead5a4147cf1bc1a05e3b0a5012d44e4c81428e8e1a9778f04b48c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce5ff6729f6efbcc60a076c76038ec6007039c9c267e8913c8acd159ebc1937e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08B1EFB16083029FC710EF28C891A6AB7E9FFA5720F54491DF696C72D1E731D844CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00961990), ref: 008D2F8D
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00961990), ref: 008D303D
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 008D3081
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 008D308A
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00961990,00000000,?,00000000,00000000,00000000), ref: 008D309D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008D30A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5322262e484b43d362bb6df72b2115858d2d6e3882e901223646b2e487091840
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8df3f269f2580d52e1027245433edefff3d9c534152fdd734ad26f62ad8a2a93
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5322262e484b43d362bb6df72b2115858d2d6e3882e901223646b2e487091840
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA710571644209BAEB319B68CC49FAABF64FF55324F240216F514EA2E0C7B1A910DB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00926DEB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00926E5F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00926E81
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926E94
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00926EB5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00890000,00000000), ref: 00926EE4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926EFD
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00926F16
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00926F1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00926F35
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00926F4D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6ffb20eabf36a534808c6fe94aaf20030868ac6b2ba9f8c848477d4b7d1f61ad
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 134e74ff17452cfc44fb843a41eaa22dab59fcd847380df93b88ea61747ae6c4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffb20eabf36a534808c6fe94aaf20030868ac6b2ba9f8c848477d4b7d1f61ad
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 977168B4108245AFDB21DF18EC44FAABBF9FB89304F18081DF98997661D770A916DF12
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00929147
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00927674: ClientToScreen.USER32(?,?), ref: 0092769A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00927674: GetWindowRect.USER32(?,?), ref: 00927710
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00927674: PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 009291B0
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009291BB
                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009291DE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00929225
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0092923E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00929255
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00929277
                                                                                                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 0092927E
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00929371
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: db9aa252ba815a9401998ef746d5222526415c2f775deda39c95b5546aacb481
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 612fa7255f85b01a366ebb03e90958835683291048eb2e2d79b4e8292f21e72f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db9aa252ba815a9401998ef746d5222526415c2f775deda39c95b5546aacb481
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31614771108301AFC715EF68DC85DAFBBE8FF89750F04092EF595921A1DB709A49CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C4B0
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C4C3
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C4D7
                                                                                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0090C4F0
                                                                                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0090C533
                                                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0090C549
                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C554
                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C584
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C5DC
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C5F0
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0090C5FB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00928592
                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285A2
                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285AD
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285BA
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 009285C8
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285D7
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 009285E0
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285E7
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285F8
                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0092FC38,?), ref: 00928611
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00928621
                                                                                                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00928641
                                                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00928671
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00928699
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009286AF
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00901502
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0090150B
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00901517
                                                                                                                                                                                                                                                                                                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009015FB
                                                                                                                                                                                                                                                                                                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00901657
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00901708
                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0090178C
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 009017D8
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 009017E7
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00901823
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091B6F4
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091B772
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0091B80A
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0091B87E
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0091B89C
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0091B8F2
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091B904
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0091B922
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0091B983
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0091B994
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 009125D8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009125E8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 009125F4
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00912601
                                                                                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0091266D
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009126AC
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009126D0
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 009126D8
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 009126E1
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 009126E8
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 009126F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 008CDAA1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD659
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD66B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD67D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD68F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6B3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6C5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6D7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6E9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD70D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD71F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD731
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDA96
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDAB8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDACD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDAD8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDAFA
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB0D
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB1B
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB26
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB5E
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB65
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB82
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CDB9A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 51666cde5c20e825158e4b85a718ea6d54c49a7dcd7614b53d3ac4692ad43481
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a5bcbabbe0bf8d22c350414f9e0d3a63147751a398206b7e213e64f3b44b27d2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51666cde5c20e825158e4b85a718ea6d54c49a7dcd7614b53d3ac4692ad43481
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 463116726047059FEB22BA39E845F5ABBF9FF10361F15842DE449D7192DA31EC84CB21
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 008F369C
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008F36A7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008F3797
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 008F380C
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 008F385D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008F3882
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 008F38A0
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000), ref: 008F38A7
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 008F3921
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 008F395D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2e95c1220fbd6d3e33711183c995f07568f55faed9d7aaa39a8c8fa216cb390a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0b17a7deaad95e3e56a53c8ebcdfb61eab94f0538aaced37cbeab6a0e52ef008
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e95c1220fbd6d3e33711183c995f07568f55faed9d7aaa39a8c8fa216cb390a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C291D27120460AAFD718DF34C885BFAF7A8FF44354F008629FA99D2190DB74EA46CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 008F4994
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 008F49DA
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008F49EB
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 008F49F7
                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 008F4A2C
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4A64
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 008F4A9D
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4AE6
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 008F4B20
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008F4B8B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 17142e4e9d0999907251aaff9f969d8502496d7bbb5a8e97b5f069f6b0300c0f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a8bda7ab5d510cf104eabde8e7329c91a6d9d4caa9cc6f6bbf26da947c9a4810
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17142e4e9d0999907251aaff9f969d8502496d7bbb5a8e97b5f069f6b0300c0f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14919E7110820A9FDB04DF68C985BBB77A8FF84314F04546AFE85DA196DB30ED45CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00928D5A
                                                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00928D6A
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00928D75
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00928E1D
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00928ECF
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00928EEC
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00928EFC
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00928F2E
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00928F70
                                                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00928FA1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 34b19025c0d5278dbb8c8d54ea6d8927c02d858beee6b2d12aec56a73670d152
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ebb79f9b079132b0076ea2b36a2d106c25b56f5119babf87d30600e449eaf93b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34b19025c0d5278dbb8c8d54ea6d8927c02d858beee6b2d12aec56a73670d152
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1381BE71509321AFDB20DF24E984AABBBE9FF88314F04091DF984D7295DB70D905DBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 008FDC20
                                                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 008FDC46
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008FDC50
                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 008FDCA0
                                                                                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 008FDCBC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fa2d2fdeecf3a8c99f87c14341ed40002383654e095860b26f5e9169ad96b506
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b6b45a5319256230cc405a09e5fd98ecd2887c716b1d65fe59ff68bedb36ecab
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa2d2fdeecf3a8c99f87c14341ed40002383654e095860b26f5e9169ad96b506
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1410072A443087BEB14B7799C43EFF37ACFF56710F100069FB00E6283EA20990196A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CC64
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0091CC8D
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD48
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0091CCAA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0091CCBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091CCCF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD05
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CD28
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0091CCF3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f47b0e006fca1e1abee4361665562402774e1a78f7bede7e799cd7998e39a4de
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7ab21cb55a26f3840793506fdfa9a3ff2531cba8d40758b6bb2a8227d4343d55
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f47b0e006fca1e1abee4361665562402774e1a78f7bede7e799cd7998e39a4de
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA319EB5A8512CBBDB218B51DC88EFFBB7CEF45740F000465A905E2241DA748E86EAA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00903D40
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00903D6D
                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00903D9D
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00903DBE
                                                                                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00903DCE
                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00903E55
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00903E60
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00903E6B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab57eeba03dcb80ea0618e1ffc7af44b8fa7c57f53f42e97e134d38eafc0e716
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e1f1b64db6ea0abd1bdc1bbdf7d4f924b4a89c921c4103ce60526cc4ec6f83a7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab57eeba03dcb80ea0618e1ffc7af44b8fa7c57f53f42e97e134d38eafc0e716
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B31B2B1914209ABDB21DBA4DC49FEF37BCEF88700F1081B6F519D61A0EB7497458B24
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 008FE6B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AE551: timeGetTime.WINMM(?,?,008FE6D4), ref: 008AE555
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 008FE6E1
                                                                                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 008FE705
                                                                                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 008FE727
                                                                                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 008FE746
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008FE754
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 008FE773
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 008FE77E
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 008FE78A
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 008FE79B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 135f77061f52dc9c8db790df048fa86dc6684220b0ce587116f2ad038dd8b49e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fe919c4abdee0798c3b4fc176df5d214b3a1b87d39d1ead54f69cf11074cb547
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 135f77061f52dc9c8db790df048fa86dc6684220b0ce587116f2ad038dd8b49e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 232165B022860DAFEB205F75EC8DE3D3B69F754749B10042AF612C1171DBB59C11AB25
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008FEA5D
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008FEA73
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008FEA84
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008FEA96
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008FEAA7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cfa9a451a30f5f62a4dbccee06ad5d5686b8ff69503288a749b4f8b8f11354af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bc8d6cc179887939fc352e1af5cb11c44d0df0b58daadc5f69ca363dbfb0676e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfa9a451a30f5f62a4dbccee06ad5d5686b8ff69503288a749b4f8b8f11354af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC118F61A9022979DB20F7A6DC5ADFF6A7CFBE1F44F440429B901E20E0EA700909C6B1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 008F5CE2
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008F5CFB
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 008F5D59
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 008F5D69
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008F5D7B
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 008F5DCF
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 008F5DDD
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008F5DEF
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 008F5E31
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 008F5E44
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 008F5E5A
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 008F5E67
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e62a5cde89405bc482db469322debf5a10c7deada663124a92866e1e6ef54110
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 33f896137c4551927902fc8b25d21b8465e75216bad49ea46c28bce940149f4d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e62a5cde89405bc482db469322debf5a10c7deada663124a92866e1e6ef54110
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2951FEB1A10609AFDF18DF68DD89AAEBBB9FB48300F148129F615E6690D7709E05CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 008A8C81
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8D1B
                                                                                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 008E6973
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69A1
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69B8
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000), ref: 008E69D4
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008E69E6
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 008A9862
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 008F9717
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9720
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 008F9742
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9745
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 008F9866
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008F07A2
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008F07BE
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008F07DA
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 008F0804
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 008F082C
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008F0837
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008F083C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
APIs
• VariantInit.OLEAUT32(?), ref: 00913C5C
• CoInitialize.OLE32(00000000), ref: 00913C8A
• CoUninitialize.OLE32 ref: 00913C94
• _wcslen.LIBCMT ref: 00913D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00913DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00913ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00913F0E
• CoGetObject.OLE32(?,00000000,0092FB98,?), ref: 00913F2D
• SetErrorMode.KERNEL32(00000000), ref: 00913F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00913FC4
• VariantClear.OLEAUT32(?), ref: 00913FD8
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
APIs
• CoInitialize.OLE32(00000000), ref: 00907AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00907B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00907BA3
• CoCreateInstance.OLE32(0092FD08,00000000,00000001,00956E6C,?), ref: 00907BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00907C74
• CoTaskMemFree.OLE32(?,?), ref: 00907CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00907D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00907D7A
• CoTaskMemFree.OLE32(00000000), ref: 00907D81
• CoTaskMemFree.OLE32(00000000), ref: 00907DD6
• CoUninitialize.OLE32 ref: 00907DDC
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00925504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00925515
• CharNextW.USER32(00000158), ref: 00925544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00925585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0092559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009255AC
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 008EFAAF
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 008EFB08
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 008EFB1A
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 008EFB3A
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 008EFB8D
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 008EFBA1
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008EFBB6
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 008EFBC3
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBCC
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008EFBDE
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBE9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bdd00370c82f0139871c43b7fa7c4053d07beff8500fd2eb70fb327bb88ce269
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b452d33075a5a4fbf61f7b713ae16623375bc25ccc1120cc27663b9ef0d6de99
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bdd00370c82f0139871c43b7fa7c4053d07beff8500fd2eb70fb327bb88ce269
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E417275A14219AFCF10EF69CC549AEBBB9FF48354F008065E905E7261CB30A946CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 008F9CA1
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 008F9D22
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 008F9D3D
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 008F9D57
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 008F9D6C
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 008F9D84
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 008F9D96
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 008F9DAE
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 008F9DC0
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 008F9DD8
                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 008F9DEA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4b054d7d19ed49f9d4ddc52fe5ae3eeba3664fe3a66c46d198bbb9c1aa914c3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b1e31a8254a4f3b41dbfc224c4d168a37a53453aa3636a5e70a652ae0490932e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b054d7d19ed49f9d4ddc52fe5ae3eeba3664fe3a66c46d198bbb9c1aa914c3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2419674508BCE6DFF31967488047B5BEA0FF12344F14805ADBC6D66C2DBA599C8C7A2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 009105BC
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?), ref: 0091061C
                                                                                                                                                                                                                                                                                                                                                            • gethostbyname.WSOCK32(?), ref: 00910628
                                                                                                                                                                                                                                                                                                                                                            • IcmpCreateFile.IPHLPAPI ref: 00910636
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009106C6
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009106E5
                                                                                                                                                                                                                                                                                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 009107B9
                                                                                                                                                                                                                                                                                                                                                            • WSACleanup.WSOCK32 ref: 009107BF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 173af2ed594e36a9b36d9cfec3f55eed651dc30585c7023e655ae01a67dbdc4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 345ba1aceec5a4ce611e5b621697dcb8c2c9dfa9aac40d1bc9bc4c481d199239
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 173af2ed594e36a9b36d9cfec3f55eed651dc30585c7023e655ae01a67dbdc4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F918E756082019FD720DF19C889B5ABBE4FF84358F1485A9F4698B6A2C771EDC1CF81
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 91c19d3c59f3ba85f6f8c9f1ed9d6693aa5efb25998cd23bf37d69d48f0c2d63
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 91599653dd77f16e83e7b23b3854aa2463c8aa8f8bcceb05fb9b9c001d87ca71
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91c19d3c59f3ba85f6f8c9f1ed9d6693aa5efb25998cd23bf37d69d48f0c2d63
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF519F31A0011A9ACF24EF6CC8409FFB7A9FF64324B244629E826E72C0DB30DD80D791
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00913774
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 0091377F
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,0092FB78,?), ref: 009137D9
                                                                                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 0091384C
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 009138E4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00913936
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f9decf4c7ab356a1f3606d420b258f36ff6ac59aeb5ca31c043cb1147fa22d4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e4a4a84fc020c050fcb10c26e7a06c03e1f1a7bf9a8f811fe1184d6485d974b2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9decf4c7ab356a1f3606d420b258f36ff6ac59aeb5ca31c043cb1147fa22d4f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B961A170708305AFD710DF64C844BAABBF8EF89714F108859F98597291D770EE88CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00908257
                                                                                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00908267
                                                                                                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00908273
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00908310
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00908324
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00908356
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0090838C
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00908395
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009033CF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009033F0
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 009053A0
                                                                                                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00905416
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00905420
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 009054A7
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 00923C79
                                                                                                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 00923C88
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923D10
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00923D24
                                                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00923D2E
                                                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923D5B
                                                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00923D63
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1ec1e780b395112e04b46e0ef9b523cac8e31a661f2978ddfbc77917528fe314
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 297245c810a2550667de25f0b16fb920cdb2725605654a7f8065c9a248c91587
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ec1e780b395112e04b46e0ef9b523cac8e31a661f2978ddfbc77917528fe314
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D04189B4A15219AFDB24CF64E844EAA7BB9FF49310F144028F946A73A0D774EA10DF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00923A9D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00923AA0
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00923AC7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00923AEA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00923B62
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00923BAC
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00923BC7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00923BE2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00923BF6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00923C13
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 112030f2a30385aef083143fe30366fb2e6a1b71ddf1793f9ba1b29f2ee791d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dd7d7ed9a464abb01b5636b75773747ee8c045ab8bb8e3202673613bce8d409a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 112030f2a30385aef083143fe30366fb2e6a1b71ddf1793f9ba1b29f2ee791d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38617875A00218AFDB10DFA8DC81EEE77B8EB49700F14419AFA55E72A1C774AE41DB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008FB151
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB165
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 008FB16C
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB17B
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 008FB18D
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1A6
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1B8
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1FD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB212
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB21D
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 123f4c609440fc59c4bb001e71135dd8b0430e132d51f38dff0bf5448d9d6c24
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 402d0524fd1022cd08b92184510009b5ed05eb83b42b7c2f801a7a72ddd059fd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 123f4c609440fc59c4bb001e71135dd8b0430e132d51f38dff0bf5448d9d6c24
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF31ADB1528208BFEB209F74DC48BBD7BA9FB61391F108009FB01D6190D7B49E459FA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C2C94
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008C2CA0
• _free.LIBCMT ref: 008C2CAB
• _free.LIBCMT ref: 008C2CB6
• _free.LIBCMT ref: 008C2CC1
• _free.LIBCMT ref: 008C2CCC
• _free.LIBCMT ref: 008C2CD7
• _free.LIBCMT ref: 008C2CE2
• _free.LIBCMT ref: 008C2CED
• _free.LIBCMT ref: 008C2CFB
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: a914d3e7c6fe58741ccb58ec5973b97af373b4062e703c5bf111f1af9fd8cdaa
• Instruction ID: 44efd02d7a48ebfda3c8ba9c484c4a5f93dccae19e39a68b900f73ae2b80d4d5
• Opcode Fuzzy Hash: a914d3e7c6fe58741ccb58ec5973b97af373b4062e703c5bf111f1af9fd8cdaa
• Instruction Fuzzy Hash: 1911A476100108AFCB02EF58D882EDD3FB5FF05350F4144A9FA489F2A2DA31EE549B91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00907FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00907FC1
• GetFileAttributesW.KERNEL32(?), ref: 00907FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00908005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00908017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00908060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009080B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 52bf7d7ed4a8ca194296bdcaf3355c54a3fcf8e6d7e15eb6bf1b952e5f461206
• Instruction ID: a47f3ff0437cfa1a50e4d3cd6a9bb8835ba6c9fa3da0cdff0a7b2751670fbd84
• Opcode Fuzzy Hash: 52bf7d7ed4a8ca194296bdcaf3355c54a3fcf8e6d7e15eb6bf1b952e5f461206
• Instruction Fuzzy Hash: 188171729082459FCB20EF54C4449AEF7E8FF85320F544C6AF885D72A1EB35ED458B52
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00895C7A
  • Part of subcall function 00895D0A: GetClientRect.USER32(?,?), ref: 00895D30
  • Part of subcall function 00895D0A: GetWindowRect.USER32(?,?), ref: 00895D71
  • Part of subcall function 00895D0A: ScreenToClient.USER32(?,?), ref: 00895D99
• GetDC.USER32 ref: 008D46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008D4708
• SelectObject.GDI32(00000000,00000000), ref: 008D4716
• SelectObject.GDI32(00000000,00000000), ref: 008D472B
• ReleaseDC.USER32(?,00000000), ref: 008D4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008D47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 942bf70a074cb66d8ac384a4d4cef6154cb2e1351e0ad48432ad3a6d264a9c55
• Instruction ID: bdb0eb8e32ee6b4b970927fe0846d82af1f0c5fb693089a10d533f37a831c259
• Opcode Fuzzy Hash: 942bf70a074cb66d8ac384a4d4cef6154cb2e1351e0ad48432ad3a6d264a9c55
• Instruction Fuzzy Hash: 3171E231404209DFCF219F64C984ABA7BB5FF4A368F18536AE956DA2A6C731CC41DF50
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009035E4
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• LoadStringW.USER32(00962390,?,00000FFF,?), ref: 0090360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 15e7ebc9e018f61de32bee3dbcd4751e5a2ddfacc25ff0c3a8e64dbc29463289
• Instruction ID: d60ba9a409a506c0ef6bcd4fcbf5fe3e799f997b87ced9881b5e3e224345908a
• Opcode Fuzzy Hash: 15e7ebc9e018f61de32bee3dbcd4751e5a2ddfacc25ff0c3a8e64dbc29463289
• Instruction Fuzzy Hash: F0516F71800209BADF15FBA4DC42EEEBB38FF54304F084129F505B21A1EB711B99DBA2
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
  • Part of subcall function 008A912D: GetCursorPos.USER32(?), ref: 008A9141
  • Part of subcall function 008A912D: ScreenToClient.USER32(00000000,?), ref: 008A915E
  • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
  • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00928B6B
• ImageList_EndDrag.COMCTL32 ref: 00928B71
• ReleaseCapture.USER32 ref: 00928B77
• SetWindowTextW.USER32(?,00000000), ref: 00928C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00928C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00928CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: fe267dd38800c327006ddb2c95c2211033a7ec42697a4eafc9e399a5541b76a3
• Instruction ID: 64cc4a536cb2ce79d394cb19ddef21e2aa93fbe1dc46f5217adcd41801b497e6
• Opcode Fuzzy Hash: fe267dd38800c327006ddb2c95c2211033a7ec42697a4eafc9e399a5541b76a3
• Instruction Fuzzy Hash: B7518C71109310AFDB14EF14EC56FAA77E4FB88714F04062DF996A72A1DB719904CBA2
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C2CA
• GetLastError.KERNEL32 ref: 0090C322
• SetEvent.KERNEL32(?), ref: 0090C336
• InternetCloseHandle.WININET(00000000), ref: 0090C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 2bddb202dfc7735a62b60d5f7c3f7b5e446e24cf17321124b9196e66395d708f
• Instruction ID: 02b86dd8b438f6edf2629612205e96fd490e87981a5fb455e718ea514ec2647f
• Opcode Fuzzy Hash: 2bddb202dfc7735a62b60d5f7c3f7b5e446e24cf17321124b9196e66395d708f
• Instruction Fuzzy Hash: C5314AF1614608AFD7219FA48C88AAF7BFCEB49744F14861EF446D2290DB34DD05ABA1
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008D3AAF,?,?,Bad directive syntax error,0092CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008F98BC
• LoadStringW.USER32(00000000,?,008D3AAF,?), ref: 008F98C3
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008F9987
Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6b44f97512124582d1a5c00aa95c0f07861888ed38bb5d343d073a1fb342c91
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d76ce5f9376e9eee21f24cd39e9b140ff04cf3adce5ffa04eaee748110f59839
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6b44f97512124582d1a5c00aa95c0f07861888ed38bb5d343d073a1fb342c91
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8121943194421EABDF11EFA4CC06EFE7739FF14305F084469F615A20A2DB719618DB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 008F20AB
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 008F20C0
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008F214D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 971ce1bd5dec5a5b85a88bc6178152e59786cd9d99f12cb1911a13ed6eb05d96
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ea764708651f3d395dbd81eaffa746ee7e3504ad26583b7802dea9ae825babb8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 971ce1bd5dec5a5b85a88bc6178152e59786cd9d99f12cb1911a13ed6eb05d96
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4111367628870FB9FA116234DC1BDFA739CEF05329B211116FB04E40E2FE61B88A5619
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1930f311cb1090ef4d533f18cc5931a8f9cd6d04895b64e8bf03e1f3b625238f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1907beb348b25ef5941edf6eda437cdbcdc226532601e5b0e77c2d7759c6e0d4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1930f311cb1090ef4d533f18cc5931a8f9cd6d04895b64e8bf03e1f3b625238f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92C1BB74A04649AFDB219FA8D885FADBBB0FF49310F08409DE955E7392CB70D941CB62
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 008E6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008E68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008E68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008E68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008E68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008E691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E692D
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C182
• GetLastError.KERNEL32 ref: 0090C195
• SetEvent.KERNEL32(?), ref: 0090C1A9
  • Part of subcall function 0090C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
  • Part of subcall function 0090C253: GetLastError.KERNEL32 ref: 0090C322
  • Part of subcall function 0090C253: SetEvent.KERNEL32(?), ref: 0090C336
  • Part of subcall function 0090C253: InternetCloseHandle.WININET(00000000), ref: 0090C341
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
APIs
  • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
  • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
  • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008F25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008F25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008F2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008F2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008F2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008F2627
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f77a267d32ef716d258bace6ee74fdc6293bbbde877ef7c322e3478f8e2319e8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD01D870398624BBFB2067799C8AF693F59EF4EB11F100001F314EE0D1C9E214459A6A
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,008F1449,?,?,00000000), ref: 008F180C
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1813
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1828
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,008F1449,?,?,00000000), ref: 008F1830
                                                                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1833
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1843
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(008F1449,00000000,?,008F1449,?,?,00000000), ref: 008F184B
                                                                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F184E
                                                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,008F1874,00000000,00000000,00000000), ref: 008F1868
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 03fbc42c9d77d270aef798b8138161c2192076bc61d1027d5f973eb94812426e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6801BFB5654308BFE720AB75DC4EF6B3B6CEB89B11F104411FA05DB192C6749815DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008FD4DC: CloseHandle.KERNEL32(00000000), ref: 008FD5DC
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A16D
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0091A180
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A1B3
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0091A268
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0091A273
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091A2C4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 883c526dfcb28e557081e0bad2f8abaae1f50d9bf9dfc8ed8e85190b28f749e2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9661B271309241AFD720DF18C494F69BBE5AF44318F58848CE4668B7A3C776ED85CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00923925
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0092393A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00923954
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00923999
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 009239C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 009239F4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008FBCFD
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 008FBD1D
                                                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 008FBD53
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00FA5788), ref: 008FBDA4
                                                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(00FA5788,?,00000001,00000030), ref: 008FBDCC
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 008FC913
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008AF953
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF3D1
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF454
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00922D1B
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00922D23
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00922D2E
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00922D3A
                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00922D76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00922D87
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00925A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00922DC2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00922DE1
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008D15CE
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D1651
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008D17FB,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D16E4
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D16FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D1777
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008D17A2
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008D17AE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4d3ff908644795f8437521da289979f495ec2efce203045aeca2c3f9bef40b9a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 77cfe1a7553a3ed8c882aae1bec261e55b6a3b81e917058962b7eac9ea85fe6f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d3ff908644795f8437521da289979f495ec2efce203045aeca2c3f9bef40b9a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F091C271F0021AAADF208E64D889AEE7BB5FF49714F18475AE805E7351DB39DD40CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a8c7d37a5c5f4c80817d737353f2bb0017f54f68858640408ee22605a6eafacc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5ef03288b82c24aa63e82c84709917b15589a1eca57935d92fbb799d5af697dd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8c7d37a5c5f4c80817d737353f2bb0017f54f68858640408ee22605a6eafacc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F917E71A00219ABDF20CFA5DC44FEEBBB8EF4A715F108559F515AB280D7709985CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0090125C
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00901284
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009012A8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009012D8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0090135F
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009013C4
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00901430
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5d829e6a3c7029c05f4de04e7698577064b34f1a8c9ad40ddfc84b5229f85426
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f8d4fcf2b37ea6b277d9bc111c26ad70056283df16f82a4d34452c989ecf17ae
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d829e6a3c7029c05f4de04e7698577064b34f1a8c9ad40ddfc84b5229f85426
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC910471A00219AFEB00DFA8C884BBEB7B9FF45314F144429E951EB2E1D778E941CB91
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6085ff2506db088b20c7c5a03fe3925442d3a5cb2c9821974ed04c834f2bcd9d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a1145ac603871512a19b94177d030b28bc5be733185f826afa8610ddd4937af2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6085ff2506db088b20c7c5a03fe3925442d3a5cb2c9821974ed04c834f2bcd9d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A913471D08219EFDB10CFA9C885AEEBBB9FF4A320F148049E555F7251D374AA42CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0091396B
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00913A7A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00913A8A
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00913C1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00900CDF: VariantInit.OLEAUT32(00000000), ref: 00900D1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00900CDF: VariantCopy.OLEAUT32(?,?), ref: 00900D28
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00900CDF: VariantClear.OLEAUT32(?), ref: 00900D34
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9cf1358893a9e8e2dda47f195d7e9ef1b38af3228a62bfcbbd1e18b1f05732df
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 732dc732ba238b740dc02f7b86bf293bf638c2e96c937c632ea5b7752f5665f0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cf1358893a9e8e2dda47f195d7e9ef1b38af3228a62bfcbbd1e18b1f05732df
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A9126746083059FCB14EF28C4809AAB7E8FF89314F14892DF89A97351DB30EE45CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                                                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00914C51
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00914D59
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00914DCF
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00914DDA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f4787ded3262c71f9a48ab0330593c2ea8c66c47bb5a0e0a42983c66f31f1953
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7c58e249d08aba12c737af15b8ae531fad84510eb952425e47a8e2c47637133a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4787ded3262c71f9a48ab0330593c2ea8c66c47bb5a0e0a42983c66f31f1953
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86911671D0021DAFDF14DFA4D891AEEB7B9FF08310F108569E915A7291EB349A44CFA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00922183
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 009221B5
                                                                                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009221DD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00922213
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0092224D
                                                                                                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 0092225B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009222E3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
APIs
• IsWindow.USER32(00FA5698), ref: 00927F37
• IsWindowEnabled.USER32(00FA5698), ref: 00927F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0092801E
• SendMessageW.USER32(00FA5698,000000B0,?,?), ref: 00928051
• IsDlgButtonChecked.USER32(?,?), ref: 00928089
• GetWindowLongW.USER32(00FA5698,000000EC), ref: 009280AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009280C3
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
APIs
• GetParent.USER32(?), ref: 008FAEF9
• GetKeyboardState.USER32(?), ref: 008FAF0E
• SetKeyboardState.USER32(?), ref: 008FAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 008FAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 008FAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 008FAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 008FB020
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(00000000), ref: 008FAD19
• GetKeyboardState.USER32(?), ref: 008FAD2E
• SetKeyboardState.USER32(?), ref: 008FAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008FADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 008FADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008FAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008FAE38
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(008D3CD6,?,?,?,?,?,?,?,?,008C5BA3,?,?,008D3CD6,?,?), ref: 008C5470
                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 008C54EB
                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 008C5506
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008D3CD6,00000005,00000000,00000000), ref: 008C552C
                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,008D3CD6,00000000,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C554B
                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C5584
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 008B2D4B
                                                                                                                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 008B2D53
                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 008B2DE1
                                                                                                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 008B2E0C
                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 008B2E61
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00911112
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00911121
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 009111C9
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 009111F9
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
  • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
  • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
• lstrcmpiW.KERNEL32(?,?), ref: 008FCF45
• MoveFileW.KERNEL32(?,?), ref: 008FCF7F
• _wcslen.LIBCMT ref: 008FD005
• _wcslen.LIBCMT ref: 008FD01B
• SHFileOperationW.SHELL32(?), ref: 008FD061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00922E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00922E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00922E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00922EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00922EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00922EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00922F0B
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F778F
• SysAllocString.OLEAUT32(00000000), ref: 008F7792
• SysAllocString.OLEAUT32(?), ref: 008F77B0
• SysFreeString.OLEAUT32(?), ref: 008F77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008F77DE
• SysAllocString.OLEAUT32(?), ref: 008F77EC
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7842
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7868
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 008F786B
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 008F788C
                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 008F7895
                                                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 008F78AF
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 008F78BD
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 009004F2
                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0090052E
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 009005C6
                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00900601
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00924112
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0092411F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0092412A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00924139
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00924145
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008CD7A3: _free.LIBCMT ref: 008CD7CC
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD82D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD838
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD843
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD897
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD8A2
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD8AD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD8B8
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 008FDA74
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 008FDA7B
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 008FDA91
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 008FDA98
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 008FDADC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 008FDAB9
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00F9E700,00F9E700), ref: 0090097B
• EnterCriticalSection.KERNEL32(00F9E6E0,00000000), ref: 0090098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0090099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 009009A9
• CloseHandle.KERNEL32(?), ref: 009009B8
• InterlockedExchange.KERNEL32(00F9E700,000001F6), ref: 009009C8
• LeaveCriticalSection.KERNEL32(00F9E6E0), ref: 009009CF
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00911DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00911DE1
• WSAGetLastError.WSOCK32 ref: 00911DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00911EDB
• inet_ntoa.WSOCK32(?), ref: 00911E8C
  • Part of subcall function 008F39E8: _strlen.LIBCMT ref: 008F39F2
  • Part of subcall function 00913224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0090EC0C), ref: 00913240
• _strlen.LIBCMT ref: 00911F35
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 00895D30
• GetWindowRect.USER32(?,?), ref: 00895D71
• ScreenToClient.USER32(?,?), ref: 00895D99
• GetClientRect.USER32(?,?), ref: 00895ED7
• GetWindowRect.USER32(?,?), ref: 00895EF8
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 008C00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C00D6
• __allrem.LIBCMT ref: 008C00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C010B
• __allrem.LIBCMT ref: 008C0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C0140
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c81cc3136cad4843ebe30626d44e2ad55db3a3b3989d4093b199840fd3171e95
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2281B471A00B069BE7249E6CCC42FAAB3F9FF51764F24452EF551D6782EB70D9008B51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008B82D9,008B82D9,?,?,?,008C644F,00000001,00000001,8BE85006), ref: 008C6258
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008C644F,00000001,00000001,8BE85006,?,?,?), ref: 008C62DE
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008C63D8
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008C63E5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008C63EE
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008C6413
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00a6fa6a01e98331b076555144ebd437dc84c57c9b8fbbb4d7d8c6cb67bc86a7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9651AB72A00256ABEB258E74CC81FAF7BB9FB44750F14463DF805D6281EB34DC61D6A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BCCA
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BD25
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0091BD6A
                                                                                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0091BD99
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0091BDF3
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0091BDFF
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f4a6ad9369bceced647043dd427a27991901e0597451e8b0ded69a0d2118829
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5a435f89c20372edb4b16ee94332493d9d3bb5f2c903e5320d383da0a214bfc5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f4a6ad9369bceced647043dd427a27991901e0597451e8b0ded69a0d2118829
• Instruction Fuzzy Hash: 9881A270208245EFD714DF28C895E6ABBE9FF84308F14895CF5958B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 008EF7B9
• SysAllocString.OLEAUT32(00000001), ref: 008EF860
• VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF889
• VariantClear.OLEAUT32(008EFA64), ref: 008EF8AD
• VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF8B1
• VariantClear.OLEAUT32(?), ref: 008EF8BB
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: c0af75aaef5afee4f197454313121b09f81d4e959be31e6f2574823227c77a75
• Instruction ID: 9ca8350f74e326352851bafe0a91b227ea8cc2988ec26141465bb7de48c4b8db
• Opcode Fuzzy Hash: c0af75aaef5afee4f197454313121b09f81d4e959be31e6f2574823227c77a75
• Instruction Fuzzy Hash: C151D431610354ABDF20BB6AD895B29B7A8FF47314B248466FA05DF293DB708C40CB97
APIs
  • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 009094E5
• _wcslen.LIBCMT ref: 00909506
• _wcslen.LIBCMT ref: 0090952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00909585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 15dec94fbfb069ec1e0b64fbc316727f056fd7d80f23ba9cc78f2bd1653d7a81
• Instruction ID: b7740c51931fb2979f0764ffea68850a5093cfaeff8d4979e81854ff00d0900b
• Opcode Fuzzy Hash: 15dec94fbfb069ec1e0b64fbc316727f056fd7d80f23ba9cc78f2bd1653d7a81
• Instruction Fuzzy Hash: 3AE18471508301DFDB14EF29C881A6AB7E4FF85314F08896DF8999B2A2DB31DD05CB92
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
• BeginPaint.USER32(?,?,?), ref: 008A9241
• GetWindowRect.USER32(?,?), ref: 008A92A5
• ScreenToClient.USER32(?,?), ref: 008A92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008A92D3
• EndPaint.USER32(?,?,?,?,?), ref: 008A9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008E71EA
  • Part of subcall function 008A9339: BeginPath.GDI32(00000000), ref: 008A9357
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 7045db4160a6d269ecc37e10f43e2ccfc2cb958844391962f9e1a39199f66b83
• Instruction ID: 6514513352579e1f14233a119fc3ae45abc0ff542154cfd4ba8e7777d833efe3
• Opcode Fuzzy Hash: 7045db4160a6d269ecc37e10f43e2ccfc2cb958844391962f9e1a39199f66b83
• Instruction Fuzzy Hash: 3F41AE7010D301AFEB20DF25D885FAA7BB8FF46764F140269F9A4C72A1C7719845EB62
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0090080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00900847
• EnterCriticalSection.KERNEL32(?), ref: 00900863
• LeaveCriticalSection.KERNEL32(?), ref: 009008DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009008F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00900921
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,008EF3AB,00000000,?,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 0092824C
                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00928272
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 009282D1
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 009282E5
                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 0092830B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0092832F
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 008F4C95
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 008F4CB2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 008F4CEA
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008F4D08
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 008F4D10
                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 008F4D1A
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0090587B
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00905995
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 009059AE
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 009059CC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 27cea194cf9f5b5c9a96783e697fa603594365ea1c7ba99399ed329dd8538d89
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90D143716086019FCB14EF18C480A2BBBE5FF89714F568859F8999B3A1DB31EC45CF92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,008F1335), ref: 008F17AE
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008F17BA
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008F17C1
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 008F17DA
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,008F1335), ref: 008F17EE
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F17F5
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1b99460e19df00db4ffe5b25b3e6dcba58ed969b77b093cf764619e6d1fe5346
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A119A71914209EFDF20AFA4CC4ABBF7BA9FB41355F104018F545D7215C735A945DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008F14FF
                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 008F1506
                                                                                                                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008F1515
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 008F1520
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008F154F
                                                                                                                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 008F1563
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8ac34d0e7f981c7a833ef3dd89a91aa7e36b518aa7c59537b7e9f8763331c4bd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A21117B250424DEBDF218FA8DD49BEE7BA9FF48748F144015FA05E2060C3758E65AB64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008B3379,008B2FE5), ref: 008B3390
                                                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008B339E
                                                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008B33B7
                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,008B3379,008B2FE5), ref: 008B3409
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f3843b94d3eb060816aeb731c0f98f05000390a25617de0180a93676b6062eab
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4014C7321C711BEAA242779BC86AD72F94FB2937A7200229F410C13F1FF114D06B244
APIs
• GetLastError.KERNEL32(?,?,008C5686,008D3CD6,?,00000000,?,008C5B6A,?,?,?,?,?,008BE6D1,?,00958A48), ref: 008C2D78
• _free.LIBCMT ref: 008C2DAB
• _free.LIBCMT ref: 008C2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DEC
• _abort.LIBCMT ref: 008C2DF2
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
APIs
  • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
  • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00928A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00928A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00928A70
• LineTo.GDI32(?,00000000,00000003), ref: 00928A80
• EndPath.GDI32(?), ref: 00928A90
• StrokePath.GDI32(?), ref: 00928AA0
APIs
• GetDC.USER32(00000000), ref: 008F5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 008F5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 008F5230
• ReleaseDC.USER32(00000000,00000000), ref: 008F5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 008F524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 008F5261
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48018FB5E04709BBEB109BB69C49A5EBFB8FF48751F044165FB04E7281DA709801DFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eea579446825d141c8d2115a1b9c3dbf81a4614a7054e69e288f98ad2198da46
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A0167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008FEB30
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008FEB46
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 008FEB55
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB64
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB6E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB75
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 56dc89909e2670e020781df9c12ef30adc5b0402b38b5af24c85de44155e6bb3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6F05EB2254559BBE7315B629C0EEEF3E7CEFCAB11F000158F601E1091D7A05A02E6B5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 008E7452
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 008E7469
                                                                                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 008E7475
                                                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 008E7484
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 008E7496
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 008E74B0
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008F187F
                                                                                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 008F188B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008F1894
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008F189C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 008F18A5
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F18AC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC6EE
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008FC735
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC79C
                                                                                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008FC7CA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0091AEA3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 0091AF38
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091AF67
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008F7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008F723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008F724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008F72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 279d0af7ee091cada4c303505f3116fc89a0e2fc0ca3d8f4bba1ac5372c4bc2e
• Instruction ID: 36f87cb9f829e51b57e1f5932161cd46d6297e31bde84e300c10442857d4c881
• Opcode Fuzzy Hash: 279d0af7ee091cada4c303505f3116fc89a0e2fc0ca3d8f4bba1ac5372c4bc2e
• Instruction Fuzzy Hash: 8C416471604208DFEB15CF64C885AAA7BB9FF44314F1480ADBE06DF20AD7B1D945DBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923E35
• IsMenu.USER32(?), ref: 00923E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923E92
• DrawMenuBar.USER32 ref: 00923EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 2ad7abd2a4ad207f45cd08c01df3d9a2624ca250d76648dd510d55eb3ecc3a0a
• Instruction ID: 7f9a09f8ccb554807fb5ae09e4c9835d687979b188446115cd6d806225fd61d6
• Opcode Fuzzy Hash: 2ad7abd2a4ad207f45cd08c01df3d9a2624ca250d76648dd510d55eb3ecc3a0a
• Instruction Fuzzy Hash: 52416A75A10219AFDB10DF50E884EAABBB9FF48350F058029F905A7250D738EE49DF91
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008F1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008F1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 008F1EA9
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: cbbb22d1a61138ca0ae6bfe9bdb98add6a9fb0f3f3f2f896d34240e079b5c48a
• Instruction ID: f879df4a10f91db22a8f3084f8c8e93f623f407823ccb268df519e9a891be1ad
• Opcode Fuzzy Hash: cbbb22d1a61138ca0ae6bfe9bdb98add6a9fb0f3f3f2f896d34240e079b5c48a
• Instruction Fuzzy Hash: A521E571A00108BADF14ABB9DC59CFFB7B8FF45364B144129F925E71E1DB34490AD621
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00922F8D
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00922F94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00922FA9
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00922FB1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002), ref: 008B4D8D
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008B4DA0
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000), ref: 008B4DC3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902C05
• DeleteFileW.KERNEL32(?), ref: 00902C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00902C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CC0
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 0091A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0091A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0091A468
• CloseHandle.KERNEL32(?), ref: 0091A63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00933700), ref: 008CBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0096121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008CBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00961270,000000FF,?,0000003F,00000000,?), ref: 008CBC36
• _free.LIBCMT ref: 008CBB7F
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008CBD4B
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
APIs
  • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
  • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
  • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
• lstrcmpiW.KERNEL32(?,?), ref: 008FE473
• MoveFileW.KERNEL32(?,?), ref: 008FE4AC
• _wcslen.LIBCMT ref: 008FE5EB
• _wcslen.LIBCMT ref: 008FE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 008FE650
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f62705e242f4c59cfc6c754ebe85f4b3fc2837e9be5a967aacc7b7268909d68e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b836fc3e9e8f83436bfbbf3786878aa04d47553aa0371e64b8f2bcb9f570db5b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f62705e242f4c59cfc6c754ebe85f4b3fc2837e9be5a967aacc7b7268909d68e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF5120B24087495BC724EBA8DC819EB73DCFF94344F00492EF689D3161EE75A6888767
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BAA5
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BB00
                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0091BB63
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 0091BBA6
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0091BBB3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4853edd2dbe853952310f745895acb21110cef82d40ecd5ecb51613c4ff113eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9686adb7d86a8109ce1aabb3238a91cba2389f20b442ecc980cadea9b9c0fbfc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4853edd2dbe853952310f745895acb21110cef82d40ecd5ecb51613c4ff113eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E61B571208245EFD714DF18C490E6ABBE9FF84308F54895DF4998B2A2DB31ED85CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 008F8BCD
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 008F8C3E
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 008F8C9D
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008F8D10
                                                                                                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 008F8D3B
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e946fbc4b7f533ffc11d703534dcd48bbd09719877656c8e6a7d8c44340fe803
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 67283b9025c256c4d99c309737b2b1f6b31b8f42394fa46bf94832354ac0459a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e946fbc4b7f533ffc11d703534dcd48bbd09719877656c8e6a7d8c44340fe803
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 315178B5A00619EFCB10DF68C884AAAB7F9FF89314B158559FA09DB354E730E911CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00908BAE
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00908BDA
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00908C32
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00908C57
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00908C5F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 74e89365c6f2745535bef3a3b74fce3d636e4e82d98c745c4fc929f1984e875d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5b6b4af71a70197069028913bcf2055378c93cef6636658d25bab227af701da3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74e89365c6f2745535bef3a3b74fce3d636e4e82d98c745c4fc929f1984e875d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89513835A002149FDF11EF68C880A6ABBF5FF49314F088458E849AB3A2DB35ED51CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00918F40
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00918FD0
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00918FEC
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00919032
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00919052
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00901043,?,7529E610), ref: 008AF6E6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,008EFA64,00000000,00000000,?,?,00901043,?,7529E610,?,008EFA64), ref: 008AF70D
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8ffe4875f20ab971f211586ee2b5d99aebd584a0ccf18d4466f2bc52993746a9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7b01fa639d463f72f95aea343542e33fc65fc392ecf25cfcffb75f9318ea22a4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ffe4875f20ab971f211586ee2b5d99aebd584a0ccf18d4466f2bc52993746a9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62515D35604209DFCB15EF58C4948EDBBF5FF49314B0980A8E806AB362DB31ED86CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00926C33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00926C4A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00926C73
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0090AB79,00000000,00000000), ref: 00926C98
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00926CC7
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1df5a5c123dea75a92825240a165569080cf1547059d323ab24ef1d5f8bf6cac
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 38402f44143c325de33a25f304860ed3e37a8b041f4d4a3f14e708bc8bb4dfcb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1df5a5c123dea75a92825240a165569080cf1547059d323ab24ef1d5f8bf6cac
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E411975A08124AFD724EF28EC54FA97BA9EB09360F140268FAD5E76E4C371ED41DA40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 008A9141
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 009038CB
                                                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00903922
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0090394B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00903955
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CF38
                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0090CF6F
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFB4
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFC8
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFF2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008F1915
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 008F19C1
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 008F19C9
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 008F19DA
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008F19E2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6bb881217acb38fe42ddb2cce22df4ce6871f358605b7b6f14137a4a0fc7b958
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e6b6df2bb3951edd50de96c3c03d1d11998ba801a70c3e9ea41bed13638d8faf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bb881217acb38fe42ddb2cce22df4ce6871f358605b7b6f14137a4a0fc7b958
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95318A71A1021DEFDB14CFB8C999AAE3BB5FB04315F504229FA21E72D1C7B09954DB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00925745
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0092579D
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009257AF
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009257BA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8256d361bcb5061a66a65b7e1ac5d08c3d6e9610825105fab9137ca77d1df4af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1d9666ce7efdd1eb66adc868745c91574878c5d5a9e11b646e81e3ffc1802278
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8256d361bcb5061a66a65b7e1ac5d08c3d6e9610825105fab9137ca77d1df4af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F921B675904628DADB209FA5EC85AEDBBBCFF44324F108216F929EB198D770C985CF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00910951
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00910968
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 009109A4
                                                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 009109B0
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 009109E8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 06998ed2f48ea3e09dcf7163dc4beaf85a85ea81796c49116a935ffa5c75f7c4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fc889a01492ca9adfea521cf862d1981071a8fcec171d842f30157e5b80be1bd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06998ed2f48ea3e09dcf7163dc4beaf85a85ea81796c49116a935ffa5c75f7c4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E321C375600204AFD714EF68D884AAEBBF9FF84740F048428F84AD7762CB70AC44DB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 008CCDC6
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008CCDE9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008CCE0F
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CCE22
                                                                                                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008CCE31
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a034f443395a7efa69df6fc338c9c9c803142cbef118e70b238a58928e623ca1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3d73f9b554fad4a2e0bb1596c8c476f08a29b4d2e9e5b0b9c932c01681ba3238
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a034f443395a7efa69df6fc338c9c9c803142cbef118e70b238a58928e623ca1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0701D4B26056157F232116BAAC88E7F6A7DFEC7BA1315012DF909C7201EB71CD0291F0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 008A96A2
                                                                                                                                                                                                                                                                                                                                                            • BeginPath.GDI32(?), ref: 008A96B9
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 008A96E2
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d0407b687efd80d9f58b1909e6e537fc7006cfd32cf3123b871ed927c97c7954
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6a1816ec7d534e1a8ac2de670f15f3d82c4d3534b3e21bc1eebd86c87e8a9797
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0407b687efd80d9f58b1909e6e537fc7006cfd32cf3123b871ed927c97c7954
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82217F7082E305EBEF119F68ED157A93BA8FF22355F18021AF450E61A1D3B05891EF94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c4a173d51d62db05dab024dd6f6a04a15afea57be95124c231341d7269c4a20a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 67f9b8b4b3f4b2716e3f6f5c0dc6c0ab026919c34c800428fced8593851aac38
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4a173d51d62db05dab024dd6f6a04a15afea57be95124c231341d7269c4a20a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2201B562645A1DBBD608A525AD92FFB739CFB65398F504030FF09DE341F764ED1082A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6), ref: 008C2DFD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C2E32
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C2E59
                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E66
                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E6F
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2df209b11a80dd567f5c274873663bca9bd5edacc30bb7791281583b4ec42dd9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bf2116d3df90e41343924c1d8d59a0181fb843271b4df70c654ae7389176c533
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2df209b11a80dd567f5c274873663bca9bd5edacc30bb7791281583b4ec42dd9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6201F476209B046BCA2267796C45F2F267DFBC13B6B20442CF421F21D3EB30CC065121
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0070
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3c59fabc5d1f2be3a4f8ae39bd8c1197525a8071cd0381f4eb8bd16da40595ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 996d81a607fe431b0494c991840a1f8bfc2b7d8be3bd84f0a2ba8ac2306009da
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c59fabc5d1f2be3a4f8ae39bd8c1197525a8071cd0381f4eb8bd16da40595ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA0171B2610608BFDB204F64DC04BAE7AADEB84751F144114FA05D2211EB71DD459BA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 008FE997
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 008FE9A5
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 008FE9AD
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 008FE9B7
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 008FE9F3
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af1b562f98bf66f7b4a1a1d62c8abf7aeeb487b37fbb805fdb5e7419e666fd68
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7834fbcbb7eedc4f9506254d4788c0ef7d379653e8b186cd35a6a7eeecee5058
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af1b562f98bf66f7b4a1a1d62c8abf7aeeb487b37fbb805fdb5e7419e666fd68
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35013571E09A2DDBCF10ABF4D849AEDBB78FB09700F000546E602F2261CB7096569BA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 47f43c93035eee5af57bb43a6c12ce668e3074bac4f66ef9037bc1c75ac4b640
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b0e202b6b73844dc29a0a72f57d7ec85bb6dca52e81211b43f60cdaefbdc648f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47f43c93035eee5af57bb43a6c12ce668e3074bac4f66ef9037bc1c75ac4b640
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7016DB9104205BFDF214F64DC4DA6A3B6EFF85360B100414FA41C3350DB31DC419A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e673f34a0e0819afe7bee31f064819c4e09d33a569848f1d91c6eda0c1a1cd8a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 97448b9584348cb438b3f5d48a3c354d16ac5c9e7afff3853ad89acc9d50fa43
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e673f34a0e0819afe7bee31f064819c4e09d33a569848f1d91c6eda0c1a1cd8a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DF0A9B6204305EBDB214FA49C4EF6A3BADFF89B62F200424FA05C7251CA30DC419A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f886856b2fb3f44aae107a1c3d516cb1e02c879986ad7b0b9b5883a13471a06e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 070d71bfa0f79a19346e78b50a700fab24018a4a207f4fbfa06868335311854a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f886856b2fb3f44aae107a1c3d516cb1e02c879986ad7b0b9b5883a13471a06e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9F0CDB5204305FBDB219FA4EC4DF6A3BADFF89761F200424FA05C7250DE30D8419A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900324
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900331
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090033E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090034B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900358
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900365
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a70286d7a276c6f695caf05ed1656fc8b8be2b20623b2aabdeadd3834bfbd97e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 276c55b596440314da5acc0843647361ac6e35d7cf47d2e9dce4a3a0b43bb3f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a70286d7a276c6f695caf05ed1656fc8b8be2b20623b2aabdeadd3834bfbd97e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E01EE72800B019FCB31AF66D880902FBF9BFA03153148A3FD19692970C3B0A948DF80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD752
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD764
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD776
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD788
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008CD79A
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetDlgItem.USER32(?,000003E9), ref: 008F5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 008F5C6F
• MessageBeep.USER32(00000000), ref: 008F5C87
• KillTimer.USER32(?,0000040A), ref: 008F5CA3
• EndDialog.USER32(?,00000001), ref: 008F5CBD
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
APIs
• _free.LIBCMT ref: 008C22BE
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008C22D0
• _free.LIBCMT ref: 008C22E3
• _free.LIBCMT ref: 008C22F4
• _free.LIBCMT ref: 008C2305
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• EndPath.GDI32(?), ref: 008A95D4
• StrokeAndFillPath.GDI32(?,?,008E71F7,00000000,?,?,?), ref: 008A95F0
• SelectObject.GDI32(?,00000000), ref: 008A9603
• DeleteObject.GDI32 ref: 008A9616
• StrokePath.GDI32(?), ref: 008A9631
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
APIs
  • Part of subcall function 008B0242: EnterCriticalSection.KERNEL32(0096070C,00961884,?,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B024D
  • Part of subcall function 008B0242: LeaveCriticalSection.KERNEL32(0096070C,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B028A
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
• __Init_thread_footer.LIBCMT ref: 00917BFB
  • Part of subcall function 008B01F8: EnterCriticalSection.KERNEL32(0096070C,?,?,008A8747,00962514), ref: 008B0202
  • Part of subcall function 008B01F8: LeaveCriticalSection.KERNEL32(0096070C,?,008A8747,00962514), ref: 008B0235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3733170431
APIs
  • Part of subcall function 008FB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21D0,?,?,00000034,00000800,?,00000034), ref: 008FB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 008F2760
  • Part of subcall function 008FB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 008FB3F8
  • Part of subcall function 008FB32A: GetWindowThreadProcessId.USER32(?,?), ref: 008FB355
  • Part of subcall function 008FB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB365
  • Part of subcall function 008FB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\fNlxQP0jBz.exe,00000104), ref: 008C1769
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C1834
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008C183E
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\fNlxQP0jBz.exe
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2506810119-1275097622
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008FC306
                                                                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 008FC34C
                                                                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00961990,00FA5788), ref: 008FC395
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0092CC08,00000000,?,?,?,?), ref: 009244AA
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 009244C7
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009244D7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0091335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00913077,?,?), ref: 00913378
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0091309B
                                                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00913106
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 14ddff50c709ee1b0552b4a304189ebc32e9a5971b62eae251812dd8259ecd0c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9aa60188fab69e354fc2bc79feb4820c1998bff5f1a7fe4ed7d9015d363fb410
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14ddff50c709ee1b0552b4a304189ebc32e9a5971b62eae251812dd8259ecd0c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD31B2357042099FCB20CF29C585AE977F4EF58318F24C099E9159B392D771EE85C761
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00924705
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00924713
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0092471A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a41d9ea3c27f2922c80e6cb0d585bf47f36881c58f35dcee83abdfab01b684e8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 996274fc62e9af973c04625607fd09e5bfb85faae05aef0d658af88744ca09fb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a41d9ea3c27f2922c80e6cb0d585bf47f36881c58f35dcee83abdfab01b684e8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6215EB5604219AFDB10DF68ECC1DAB37ADEB5A3A4B040059FA14DB351CB70EC11DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 891f0e32181a6106f517108a1496d38977af736e923c903108b55c712ab51ed3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d66520282380af791397b6f10f89494d4bc46a63f3068f3af4c5ac009ebb7f83
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 891f0e32181a6106f517108a1496d38977af736e923c903108b55c712ab51ed3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8213832104129A6D731BA389C12FB773DCFFA5304F144026FB89DB141EB559D45C296
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00923840
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00923850
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00923876
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 903ad6bc47a7ea7c9f9c38b7333a55f777521af78d38db5c34323c2eaca2f31d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bb7f2a593fe41276362a9338c56a98038bcc772df979cba5d3116759fb34e168
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 903ad6bc47a7ea7c9f9c38b7333a55f777521af78d38db5c34323c2eaca2f31d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A421D172610228BBEF218F64EC81FBB376EEF89754F10C124F9009B194C675DC528BA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00904A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00904A5C
• SetErrorMode.KERNEL32(00000000,?,?,0092CC08), ref: 00904AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0092424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00924264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00924271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
APIs
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
  • Part of subcall function 008F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
  • Part of subcall function 008F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
  • Part of subcall function 008F2DA7: GetCurrentThreadId.KERNEL32 ref: 008F2DDD
  • Part of subcall function 008F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
• GetFocus.USER32 ref: 008F2F78
  • Part of subcall function 008F2DEE: GetParent.USER32(00000000), ref: 008F2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 008F2FC3
• EnumChildWindows.USER32(?,008F303B), ref: 008F2FEB
Strings
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258EE
• DrawMenuBar.USER32(?), ref: 009258FD
Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d5e8985076ebbb699dd64fec43c20de83272ab3999f902712cefa0e8ca88fd58
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8fab075a7c3c769a971878585ea293976800cc36107eb0c203718a32f7588d0a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e8985076ebbb699dd64fec43c20de83272ab3999f902712cefa0e8ca88fd58
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC01C031514228EFDB209F51EC44FAEBBB8FF45360F108099F848DA165DB308A94EF21
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 82fd82c879ba3e2ce31200dd62e86fd83288cb32c85ae1efcdf299202c12ba24
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4130767e3c14e18ebe636a3cab7592b375abbdb4300e7b0c8d3d5072d138eb31
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82fd82c879ba3e2ce31200dd62e86fd83288cb32c85ae1efcdf299202c12ba24
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADC12A75A0021AEFDB15CFA4C894ABEB7B5FF48704F208598E605EB252D731ED81DB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c08e07e51b4fd94e79180bc41c65dcaf2998f5b0c10ab6e6b2f9086b70116184
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CA13571E107869FDB21CE18C8A1FAABBF5FF65350F18816EE585DB282C634C982C751
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 007f39782362a5b128634a20133e948b4652f9ec0c6ce221adcf943a3b43456a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 742f202015e15bc9f9fc1bf0996dde310161d19123fc40c7d44675c433d21e2c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 007f39782362a5b128634a20133e948b4652f9ec0c6ce221adcf943a3b43456a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1A13A753082049FDB10EF28C585A6AB7E5FF88710F098859F98ADB362DB30ED45CB52
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F05F0
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F0608
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,0092CC40,000000FF,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F062D
                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 008F064E
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0091A6AC
                                                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0091A6BA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0091A79C
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0091A7AB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008D3303,?), ref: 008ACE8A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 009262E2
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00926315
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00926382
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00911AFD
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00911B0B
                                                                                                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00911B8A
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00911B94
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 59caa3116eee64fede5f6db0402b6df154ed850fc9040ffe5ca55cc64c2faa40
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5141D5747402006FEB20AF24C886F6977E5FB44718F588458F6199F7D2D772ED818B91
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e72b8d36d85f8e7ebf2f4de132728259fb73fa95fd62b10238296a765e08dc96
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0041C175A04B04AFD7289F7CC842FAABBB9FB88710F10862EF141DB282D771D9018781
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00905783
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 009057A9
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009057CE
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009057FA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5385bc8e31355a438028d2b0756fcd2278fc72a1f741eea3d6697b52e461d3f2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B410935614610DFCF11EF19C544A1EBBE5FF89320B1A8488E84A9B362CB34FD419B92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008B6D71,00000000,00000000,008B82D9,?,008B82D9,?,00000001,008B6D71,8BE85006,00000001,008B82D9,008B82D9), ref: 008CD910
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CD999
                                                                                                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008CD9AB
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008CD9B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f079282be524134ace47738c51287a74fd8e35d494c0b509a7050da71d6da63f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C31AD72A0020AABDF24EF69DC85EAE7BB5FB41310B05426CFC04DA291EB35CD55CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00925352
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00925375
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00925382
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009253A8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9e29a58f8dca7897d40da7ea534f2dfb486d59b99833f767306e52895e082f7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6331F670A69A28EFEF34DF14EC05FE83769AB043D0F596401FA10961E4C7B49D40EB81
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 008FABF1
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 008FAC0D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 008FAC74
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 008FACC6
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a6fac4739232d13d0a6ebad90cf6ba2d9becfb0c7119e95d927b2228646300dd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 583116B0A0471CAFEB388B75CC047FE7AA5FB49320F04421AE689D22D0D37589859752
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 0092769A
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00927710
                                                                                                                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 0092778C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bfddaac8164bbb246eb0ffafecfbecf5c625249e7f449b394fe14045c6415a16
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA41BF34609225DFCB11CF98E894EA9B7F8FF49304F1840A8E814EB269C370E942DF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 009216EB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
                                                                                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 009216FF
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 0092174C
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00921752
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00929001
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008E7711,?,?,?,?,?), ref: 00929016
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 0092905E
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008E7711,?,?,?), ref: 00929094
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,0092CB68), ref: 008FD2FB
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FD30A
                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 008FD319
                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0092CB68), ref: 008FD376
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
                                                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008F15BE
                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 008F15E1
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F1617
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008F161E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0092280A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922824
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922832
                                                                                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00922840
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8D8C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F8D7D: lstrcpyW.KERNEL32(00000000,?,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F8DB2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F8D7D: lstrcmpiW.KERNEL32(00000000,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8DE3
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7923
                                                                                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7949
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7984
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00927D0B
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00927D2A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00927D42
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0090B7AD,00000000), ref: 00927D6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 009256BB
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009256CD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009256D8
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dd84743543f980d5c2b708a66201f49f14c492795880fed0937b23c2d64866a8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6211387560062896DF20DF65EC85AFE77BCFF10360F504426F915D6199E774CA84CB60
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a62a5d7f87af05d0f2a068882d801cb21cdb35a7e05092f79ac88993496767e2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31012CB2209A1A7EFA2126786CC5F67666DFF423B8B35032DF622D11D7DA70CC5051A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 008F1A47
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A59
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A6F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A8A
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 750c48f9d343d9e45917f30a6592ac7c18023ee596236027b370e9a5d68159c7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C811F77A901229FFEF119BA5C985FADBB78FB08750F200091EA04B7290D7716E51DB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008FE1FD
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 008FE230
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 008FE246
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 008FE24D
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,008BCFF9,00000000,00000004,00000000), ref: 008BD218
• GetLastError.KERNEL32 ref: 008BD224
• __dosmaperr.LIBCMT ref: 008BD22B
• ResumeThread.KERNEL32(00000000), ref: 008BD249
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
• GetStockObject.GDI32(00000011), ref: 00896060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 008B3B56
  • Part of subcall function 008B3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008B3AD2
  • Part of subcall function 008B3AA3: ___AdjustPointer.LIBCMT ref: 008B3AED
• _UnwindNestedFrames.LIBCMT ref: 008B3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008B3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 008B3BA4
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008913C6,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue), ref: 008C30A5
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000,00000364,?,008C2E46), ref: 008C30B1
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000), ref: 008C30BF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 008F747F
                                                                                                                                                                                                                                                                                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 008F7497
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008F74AC
                                                                                                                                                                                                                                                                                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008F74CA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0C4
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0E9
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0F3
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB126
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008F2DDD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00928887
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 00928894
                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 009288A4
                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 009288B2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 008A98CC
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 008A98D6
                                                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 008A98E9
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 008A98F1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 008F1634
                                                                                                                                                                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F163B
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008F11D9), ref: 008F1648
                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F164F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentOpenProcessThreadToken
APIs
• GetDesktopWindow.USER32 ref: 008ED858
• GetDC.USER32(00000000), ref: 008ED862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
• ReleaseDC.USER32(?), ref: 008ED8A3
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 008ED86C
• GetDC.USER32(00000000), ref: 008ED876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
• ReleaseDC.USER32(?), ref: 008ED8A3
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
  • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00904ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• __startOneArgErrorHandling.LIBCMT ref: 008BE30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 008AF2A2
                                                                                                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 008AF2BB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009157E0
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 009157EC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0090D130
                                                                                                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0090D13A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ad3ba355ab9312cd5846891ae46684a41b1536d3762e4f6a43cfd7d9d8c631f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 33c5594afe47378fce896c339df466befb8283bcf9c6d739f19472c644142d64
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ad3ba355ab9312cd5846891ae46684a41b1536d3762e4f6a43cfd7d9d8c631f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17311971D01219AFCF15EFE8CC85AEE7FB9FF04340F140019E815A6262EB31AA16DB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00923621
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0092365C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d937954e42aac52663e3a669bea1b7360325e3b83b0058a507a3d4f9fbb53851
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c6e0496939df917bd1463b9a8175ae3deff56ea1caa8e0628f72e13914536a2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d937954e42aac52663e3a669bea1b7360325e3b83b0058a507a3d4f9fbb53851
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD318F71110614AADB209F28EC81FBB73ADFF88724F108619F8A9D7280DA35AD91D760
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0092461F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00924634
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e32b0d08dea804f7eb8f3b34eab4c4846ea30159e321d09be7f1e0b9f970ee41
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27314A74A0131A9FDF14CFA9D980BDA7BB9FF09300F14406AE904AB345D770A941CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0092327C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00923287
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 35abfb027a21a278ef5ba2c6b02abe55fadc2ab6f0e35d08433aa45c0a44dfb0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
• Instruction Fuzzy Hash: 1E110471300218BFFF21DF94EC80EBB3B6EEB94364F108128F928A7294D6359D519760
APIs
  • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
  • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
  • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
• GetWindowRect.USER32(00000000,?), ref: 0092377A
• GetSysColor.USER32(00000012), ref: 00923794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
• Instruction ID: e8a8300af1ff272f92cac695c1f4f4a7ba32b3b5dfdfc89effc6ef16af06e803
• Opcode Fuzzy Hash: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
• Instruction Fuzzy Hash: 821129B261021AAFDF10DFA8DC45EEE7BB8FB08314F004914F955E2250E775E861DB50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0090CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0090CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
• Instruction ID: bc4460c4de04dc3bc633fafda91496d0f483812ac28c95858cbd0b6cb006e0be
• Opcode Fuzzy Hash: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
• Instruction Fuzzy Hash: 3B11A0B1215631BED7384B668C49EE7BEACEF127A4F00472AB109930C0E6649885D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 009234AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009234BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
• Instruction ID: 5551a2ec559fce5342beab7cb2083a9c3832fa0b8cab1437240054476d5b39d7
• Opcode Fuzzy Hash: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
• Instruction Fuzzy Hash: 7211B271110118ABEB116F64EC40AAB376EEB04374F508754F961931E8C779DC519B50
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• CharUpperBuffW.USER32(?,?,?), ref: 008F6CB6
• _wcslen.LIBCMT ref: 008F6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
• Instruction ID: b889a45e179380783792d39e0dd16872db8edb0861e8ac35aaa2f06abe476c0a
• Opcode Fuzzy Hash: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C01C432A1052E9ACB20AFBDDC819BF77B5FB617147110628E9A2D6195FA32D920C650
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008F1D4C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a7232112114af1511888f2b58acdf2c4166093011fd0cc40a439492bbe7d734
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA019E7160121CAB8F18FBB9CC698FE73A8FB46354B04061EF962A72D1EA3159088661
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 008F1C46
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: abacfa5fe9ed7903835757bdf3ed4032d8a35a9b5d64eb5501945c5438419398
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A501847568110CA6CF14FBA9C9659FF77A8FB61344F140019EA56F7282EA209B08D6B2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 008F1CC8
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c70b375d115e2d6a206ae9350af5aac3e2ee7cc38ae6c14e0ea95ddc90a7a618
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C01DB71A4011CA7CF14FBB9CE15AFE77A8FB11344F140019B952F3281EA219F08C672
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008F1DD3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e27e3044c3c43a1efd4ed41200dee472fb466408b8f271f0c69d6a45b6827a2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F0A471A4121DA6DF14FBBDCC66AFE77B8FB41354F080919F962E32C2DA605A088261
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 51bdc0981eba0067d64e8bba9b0b7e7dadd657812850740f46de180f2bf04455
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ccb18a867a110d3cd584ac7405d563808b1caca59a5b7e87f4cefea30b0b062
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51bdc0981eba0067d64e8bba9b0b7e7dadd657812850740f46de180f2bf04455
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63E0931571521110533112BEACC25FFDA9EDFC57517141417F945C23B7D6548DD193A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008F0B23
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3059ae455ce20d20910853af296eb7c4ff2ae40abb3621f4919a45623056b840
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 79d1b34979f8825693da7cd9c45fdfcd54ad2b71bbd0195dc54c43491d67ceb8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3059ae455ce20d20910853af296eb7c4ff2ae40abb3621f4919a45623056b840
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75E0D8712443183AD22437987C03F8D7AC4EF05B65F100426FB88D55C38AE164A006EB
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008AF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008B0D71,?,?,?,0089100A), ref: 008AF7CE
                                                                                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0089100A), ref: 008B0D75
                                                                                                                                                                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0089100A), ref: 008B0D84
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008B0D7F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0090302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00903044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0092233F
  • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092236C
• PostMessageW.USER32(00000000), ref: 00922373
  • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008CBE93
• GetLastError.KERNEL32 ref: 008CBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CBEFC
Memory Dump Source
• Source File: 00000000.00000002.2127643805.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2127305132.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2128632284.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2130493785.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131052794.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_fNlxQP0jBz.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 592420267e7f047f2d6918299a6d4389c1436ca798cf8bcf1322cb577a9e8e7a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e805b988fc35f49ccc34fe6ef4027bca71bf8c7ff91eadd3fe229f692f2db99d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 592420267e7f047f2d6918299a6d4389c1436ca798cf8bcf1322cb577a9e8e7a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7141CF34614A16ABDB218FA8CC46FAA7BB4FF41720F14416DF959DB2A1DB30CC01DB61